Patch "bpf: Resolve fext program type when checking map compatibility" has been added to the 6.0-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    bpf: Resolve fext program type when checking map compatibility

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-resolve-fext-program-type-when-checking-map-comp.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 7df70a17b4a10472af8278f9df58474da189ac30
Author: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
Date:   Thu Dec 15 00:02:53 2022 +0100

    bpf: Resolve fext program type when checking map compatibility
    
    [ Upstream commit 1c123c567fb138ebd187480b7fc0610fcb0851f5 ]
    
    The bpf_prog_map_compatible() check makes sure that BPF program types are
    not mixed inside BPF map types that can contain programs (tail call maps,
    cpumaps and devmaps). It does this by setting the fields of the map->owner
    struct to the values of the first program being checked against, and
    rejecting any subsequent programs if the values don't match.
    
    One of the values being set in the map owner struct is the program type,
    and since the code did not resolve the prog type for fext programs, the map
    owner type would be set to PROG_TYPE_EXT and subsequent loading of programs
    of the target type into the map would fail.
    
    This bug is seen in particular for XDP programs that are loaded as
    PROG_TYPE_EXT using libxdp; these cannot insert programs into devmaps and
    cpumaps because the check fails as described above.
    
    Fix the bug by resolving the fext program type to its target program type
    as elsewhere in the verifier.
    
    v3:
    - Add Yonghong's ACK
    
    Fixes: f45d5b6ce2e8 ("bpf: generalise tail call map compatibility check")
    Acked-by: Yonghong Song <yhs@xxxxxx>
    Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20221214230254.790066-1-toke@xxxxxxxxxx
    Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 184b957e28ad..1eac74cacc96 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -634,7 +634,7 @@ static inline u32 type_flag(u32 type)
 }
 
 /* only use after check_attach_btf_id() */
-static inline enum bpf_prog_type resolve_prog_type(struct bpf_prog *prog)
+static inline enum bpf_prog_type resolve_prog_type(const struct bpf_prog *prog)
 {
 	return prog->type == BPF_PROG_TYPE_EXT ?
 		prog->aux->dst_prog->type : prog->type;
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index c4600a5781de..7d315c94b80a 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2088,6 +2088,7 @@ static unsigned int __bpf_prog_ret0_warn(const void *ctx,
 bool bpf_prog_map_compatible(struct bpf_map *map,
 			     const struct bpf_prog *fp)
 {
+	enum bpf_prog_type prog_type = resolve_prog_type(fp);
 	bool ret;
 
 	if (fp->kprobe_override)
@@ -2098,12 +2099,12 @@ bool bpf_prog_map_compatible(struct bpf_map *map,
 		/* There's no owner yet where we could check for
 		 * compatibility.
 		 */
-		map->owner.type  = fp->type;
+		map->owner.type  = prog_type;
 		map->owner.jited = fp->jited;
 		map->owner.xdp_has_frags = fp->aux->xdp_has_frags;
 		ret = true;
 	} else {
-		ret = map->owner.type  == fp->type &&
+		ret = map->owner.type  == prog_type &&
 		      map->owner.jited == fp->jited &&
 		      map->owner.xdp_has_frags == fp->aux->xdp_has_frags;
 	}



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux