Patch "bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP" has been added to the 6.12-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 27 Dec 2024 10:06:30 -0500

This is a note to let you know that I've just added the patch titled

    bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP

to the 6.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-bpf_get_smp_processor_id-on-config_smp.patch
and it can be found in the queue-6.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 3dd03a0c419509c2c7fbe9ee3b74f882d510e06b
Author: Andrea Righi <arighi@xxxxxxxxxx>
Date:   Tue Dec 17 20:58:13 2024 +0100

    bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
    
    [ Upstream commit 23579010cf0a12476e96a5f1acdf78a9c5843657 ]
    
    On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP
    disabled can trigger the following bug, as pcpu_hot is unavailable:
    
     [    8.471774] BUG: unable to handle page fault for address: 00000000936a290c
     [    8.471849] #PF: supervisor read access in kernel mode
     [    8.471881] #PF: error_code(0x0000) - not-present page
    
    Fix by inlining a return 0 in the !CONFIG_SMP case.
    
    Fixes: 1ae6921009e5 ("bpf: inline bpf_get_smp_processor_id() helper")
    Signed-off-by: Andrea Righi <arighi@xxxxxxxxxx>
    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Link: https://lore.kernel.org/bpf/20241217195813.622568-1-arighi@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 4c486a0bfcc4..84d958f2c031 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -21085,11 +21085,15 @@ static int do_misc_fixups(struct bpf_verifier_env *env)
 			 * changed in some incompatible and hard to support
 			 * way, it's fine to back out this inlining logic
 			 */
+#ifdef CONFIG_SMP
 			insn_buf[0] = BPF_MOV32_IMM(BPF_REG_0, (u32)(unsigned long)&pcpu_hot.cpu_number);
 			insn_buf[1] = BPF_MOV64_PERCPU_REG(BPF_REG_0, BPF_REG_0);
 			insn_buf[2] = BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0);
 			cnt = 3;
-
+#else
+			insn_buf[0] = BPF_ALU32_REG(BPF_XOR, BPF_REG_0, BPF_REG_0);
+			cnt = 1;
+#endif
 			new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
 			if (!new_prog)
 				return -ENOMEM;







