Hi Greg, On Mon, Jul 24, 2023 at 03:42:18PM GMT, Eduard Zingerman wrote: > [ Upstream commit be2ef8161572ec1973124ebc50f56dafc2925e07 ] > ... > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c ... > @@ -2670,6 +2679,11 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, > */ > if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0) > return -ENOTSUPP; > + /* BPF helpers that invoke callback subprogs are > + * equivalent to BPF_PSEUDO_CALL above > + */ > + if (insn->src_reg == 0 && is_callback_calling_function(insn->imm)) > + return -ENOTSUPP; > /* regular helper call sets R0 */ > *reg_mask &= ~1; > if (*reg_mask & 0x3f) { Looks like the above hunk is slightly misplaced. In master the lines are added _before_ the BPF_PSEUDO_KFUNC_CALL check, resulting in deviation from upstream as well as interfering with backporting of commit be2ef8161572 ("bpf: allow precision tracking for programs with subprogs") to stable v6.1. What would be the suggested action here? 1. Send an updated version of the whole be2ef8161572 patch to stable 2. Send a minimal refresh patch like the one found in this email to stable 3. Adapt to this deviation in my backport of commit be2ef8161572 for stable Shung-Hsi ... diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5d4510fb2be7..227dc10f6baa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c 
@@ -2673,17 +2673,17 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, if (opcode == BPF_CALL) { if (insn->src_reg == BPF_PSEUDO_CALL) return -ENOTSUPP; + /* BPF helpers that invoke callback subprogs are + * equivalent to BPF_PSEUDO_CALL above + */ + if (insn->src_reg == 0 && is_callback_calling_function(insn->imm)) + return -ENOTSUPP; /* kfunc with imm==0 is invalid and fixup_kfunc_call will * catch this error later. Make backtracking conservative * with ENOTSUPP. */ if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0) return -ENOTSUPP; - /* BPF helpers that invoke callback subprogs are - * equivalent to BPF_PSEUDO_CALL above - */ - if (insn->src_reg == 0 && is_callback_calling_function(insn->imm)) - return -ENOTSUPP; /* regular helper call sets R0 */ *reg_mask &= ~1; if (*reg_mask & 0x3f) {
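Review bot: The refresh diff has no changelog or sign-off, and it needs one because the move of the is_callback_calling_function() check in backtrack_insn() is not self-explanatory. All three checks in this BPF_CALL branch return -ENOTSUPP and nothing else in the visible lines runs between them, so the reorder should not change which programs the verifier accepts, and a reader will look for a functional reason that is not there. The message should say that this is a context-only alignment with the ordering in master so that later backports to v6.1 apply cleanly, that it is a stable-only change, and which backported commit it corrects. The move also places the comment "equivalent to BPF_PSEUDO_CALL above" directly under the BPF_PSEUDO_CALL check it refers to, instead of under the kfunc check, which is the more readable position and worth mentioning as a side benefit.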