This is a note to let you know that I've just added the patch titled x86/cfi,bpf: Fix bpf_exception_cb() signature to the 6.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-cfi-bpf-fix-bpf_exception_cb-signature.patch and it can be found in the queue-6.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 0b77069fa618bd8243864fdc2413dac59b9f39df Author: Alexei Starovoitov <ast@xxxxxxxxxx> Date: Fri Dec 15 10:12:23 2023 +0100 x86/cfi,bpf: Fix bpf_exception_cb() signature [ Upstream commit 852486b35f344887786d63250946dd921a05d7e8 ] As per the earlier patches, BPF sub-programs have bpf_callback_t signature and CFI expects callers to have matching signature. This is violated by bpf_prog_aux::bpf_exception_cb(). [peterz: Changelog] Reported-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx> Signed-off-by: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx> Link: https://lkml.kernel.org/r/CAADnVQ+Z7UcXXBBhMubhcMM=R-dExk-uHtfOLtoLxQ1XxEpqEA@xxxxxxxxxxxxxx Link: https://lore.kernel.org/r/20231215092707.910319166@xxxxxxxxxxxxx Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 7a7859a5cce4..cfc6d2f98058 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1447,7 +1447,7 @@ struct bpf_prog_aux {
 int cgroup_atype; /* enum cgroup_bpf_attach_type */
 struct bpf_map *cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE];
 char name[BPF_OBJ_NAME_LEN];
- unsigned int (*bpf_exception_cb)(u64 cookie, u64 sp, u64 bp);
+ u64 (*bpf_exception_cb)(u64 cookie, u64 sp, u64 bp, u64, u64);
 #ifdef CONFIG_SECURITY
 void *security;
 #endif
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 991186520af0..b3053af6427d 100644
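Review bot: In include/linux/bpf.h the new `bpf_exception_cb` member spells out the five-`u64` prototype by hand, so nothing in the declaration records that it has to stay identical to `bpf_callback_t` for the CFI check on the indirect call. The commit message states that requirement, but a reader of struct bpf_prog_aux sees only two unnamed `u64` parameters with no stated purpose. I would add a comment above the member, `/* Must match bpf_callback_t: CFI checks the type at the indirect call */`, or declare it as `bpf_callback_t bpf_exception_cb;` if the typedef is in scope at this point of the header, which the hunk does not show. The struct starts and ends outside the hunk.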
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2509,7 +2509,7 @@ __bpf_kfunc void bpf_throw(u64 cookie)
 * which skips compiler generated instrumentation to do the same.
 */
 kasan_unpoison_task_stack_below((void *)(long)ctx.sp);
- ctx.aux->bpf_exception_cb(cookie, ctx.sp, ctx.bp);
+ ctx.aux->bpf_exception_cb(cookie, ctx.sp, ctx.bp, 0, 0);
 WARN(1, "A call to BPF exception callback should never return\n");
 }
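Review bot: The two literal `0` arguments added to the `bpf_exception_cb` call in bpf_throw() carry no explanation at the call site, and they read like meaningful values to someone who has not seen the commit message. They appear to be padding so that the call matches the five-argument callback type. A short comment on the line above, such as `/* trailing args unused; passed only to match the callback's CFI-checked prototype */`, would keep a later cleanup from dropping them and reintroducing the mismatch. bpf_throw() begins outside the hunk, so whether `ctx.aux` and the callback pointer are validated before this indirect call cannot be judged from here.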