Hi Linus, The following changes since commit ae90f6a6170d7a7a1aa4fddf664fbd093e3023bc: Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf (2024-10-24 16:53:20 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/bpf-fixes for you to fetch changes up to c40dd8c4732551605712985bc5b7045094c6458d: bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled (2024-10-31 16:15:21 +0100) ---------------------------------------------------------------- BPF fixes: - Fix BPF verifier to force a checkpoint when the program's jump history becomes too long (Eduard Zingerman) - Add several fixes to the BPF bits iterator addressing issues like memory leaks and overflow problems (Hou Tao) - Fix an out-of-bounds write in trie_get_next_key (Byeonguk Jeong) - Fix BPF test infra's LIVE_FRAME frame update after a page has been recycled (Toke Høiland-Jørgensen) - Fix BPF verifier and undo the 40-bytes extra stack space for bpf_fastcall patterns due to various bugs (Eduard Zingerman) - Fix a BPF sockmap race condition which could trigger a NULL pointer dereference in sock_map_link_update_prog (Cong Wang) - Fix tcp_bpf_recvmsg_parser to retrieve seq_copied from tcp_sk under the socket lock (Jiayuan Chen) Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx> ---------------------------------------------------------------- Alexei Starovoitov (1): Merge branch 'fixes-for-bits-iterator' Byeonguk Jeong (2): bpf: Fix out-of-bounds write in trie_get_next_key() selftests/bpf: Add test for trie_get_next_key() Cong Wang (1): sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() Eduard Zingerman (3): bpf: Force checkpoint when jmp history is too long selftests/bpf: Test with a very short loop bpf: disallow 40-bytes extra stack for bpf_fastcall patterns Hou Tao (5): bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf: Add bpf_mem_alloc_check_size() helper bpf: Check the validity of nr_words in bpf_iter_bits_new() bpf: Use __u64 to save the bits in bits iterator selftests/bpf: Add three test cases for bits_iter Jiayuan Chen (1): bpf: fix filed access without lock Toke Høiland-Jørgensen (1): bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled include/linux/bpf_mem_alloc.h | 3 + kernel/bpf/helpers.c | 54 ++++++++-- kernel/bpf/lpm_trie.c | 2 +- kernel/bpf/memalloc.c | 14 ++- kernel/bpf/verifier.c | 23 ++--- net/bpf/test_run.c | 1 + net/core/sock_map.c | 4 + net/ipv4/tcp_bpf.c | 7 +- .../bpf/map_tests/lpm_trie_map_get_next_key.c | 109 +++++++++++++++++++++ .../selftests/bpf/progs/verifier_bits_iter.c | 61 +++++++++++- .../selftests/bpf/progs/verifier_bpf_fastcall.c | 55 ----------- .../selftests/bpf/progs/verifier_search_pruning.c | 23 +++++ tools/testing/selftests/bpf/veristat.cfg | 1 + 13 files changed, 269 insertions(+), 88 deletions(-) create mode 100644 tools/testing/selftests/bpf/map_tests/lpm_trie_map_get_next_key.c