This is a note to let you know that I've just added the patch titled bpf: Convert PTR_TO_MEM_OR_NULL to composable types. to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: bpf-convert-ptr_to_mem_or_null-to-composable-types.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Fri Apr 29 11:02:06 AM CEST 2022 From: Hao Luo <haoluo@xxxxxxxxxx> Date: Thu, 28 Apr 2022 16:57:47 -0700 Subject: bpf: Convert PTR_TO_MEM_OR_NULL to composable types. To: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Alexei Starovoitov <ast@xxxxxxxxxx>, Andrii Nakryiko <andrii@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, laura@xxxxxxxxxxxx, Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>, stable@xxxxxxxxxxxxxxx, Hao Luo <haoluo@xxxxxxxxxx> Message-ID: <20220428235751.103203-7-haoluo@xxxxxxxxxx> From: Hao Luo <haoluo@xxxxxxxxxx> commit cf9f2f8d62eca810afbd1ee6cc0800202b000e57 upstream. Remove PTR_TO_MEM_OR_NULL and replace it with PTR_TO_MEM combined with flag PTR_MAYBE_NULL. Signed-off-by: Hao Luo <haoluo@xxxxxxxxxx> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> Link: https://lore.kernel.org/bpf/20211217003152.48334-7-haoluo@xxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx # 5.15.x Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- include/linux/bpf.h | 1 - kernel/bpf/btf.c | 2 +- kernel/bpf/verifier.c | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -502,7 +502,6 @@ enum bpf_reg_type { PTR_TO_SOCK_COMMON_OR_NULL = PTR_MAYBE_NULL | PTR_TO_SOCK_COMMON, PTR_TO_TCP_SOCK_OR_NULL = PTR_MAYBE_NULL | PTR_TO_TCP_SOCK, PTR_TO_BTF_ID_OR_NULL = PTR_MAYBE_NULL | PTR_TO_BTF_ID, - PTR_TO_MEM_OR_NULL = PTR_MAYBE_NULL | PTR_TO_MEM, /* This must be the last entry. Its purpose is to ensure the enum is * wide enough to hold the higher bits reserved for bpf_type_flag. --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -5719,7 +5719,7 @@ int btf_prepare_func_args(struct bpf_ver return -EINVAL; } - reg->type = PTR_TO_MEM_OR_NULL; + reg->type = PTR_TO_MEM | PTR_MAYBE_NULL; reg->id = ++env->id_gen; continue; --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -13135,7 +13135,7 @@ static int do_check_common(struct bpf_ve mark_reg_known_zero(env, regs, i); else if (regs[i].type == SCALAR_VALUE) mark_reg_unknown(env, regs, i); - else if (regs[i].type == PTR_TO_MEM_OR_NULL) { + else if (base_type(regs[i].type) == PTR_TO_MEM) { const u32 mem_size = regs[i].mem_size; mark_reg_known_zero(env, regs, i); Patches currently in stable-queue which might be from haoluo@xxxxxxxxxx are queue-5.15/bpf-replace-ret_xxx_or_null-with-ret_xxx-ptr_maybe_null.patch queue-5.15/bpf-introduce-mem_rdonly-flag.patch queue-5.15/bpf-make-per_cpu_ptr-return-rdonly-ptr_to_mem.patch queue-5.15/bpf-introduce-composable-reg-ret-and-arg-types.patch queue-5.15/bpf-add-mem_rdonly-for-helper-args-that-are-pointers-to-rdonly-mem.patch queue-5.15/bpf-replace-arg_xxx_or_null-with-arg_xxx-ptr_maybe_null.patch queue-5.15/bpf-replace-ptr_to_xxx_or_null-with-ptr_to_xxx-ptr_maybe_null.patch queue-5.15/bpf-fix-crash-due-to-out-of-bounds-access-into-reg2btf_ids.patch queue-5.15/bpf-convert-ptr_to_mem_or_null-to-composable-types.patch queue-5.15/bpf-selftests-test-ptr_to_rdonly_mem.patch