Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 38e406f6 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 



Daniel Borkmann says:

====================
pull-request: bpf 2019-06-07

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Fix several bugs in riscv64 JIT code emission which forgot to clear high
   32-bits for alu32 ops, from Björn and Luke with selftests covering all
   relevant BPF alu ops from Björn and Jiong.

2) Two fixes for UDP BPF reuseport that avoid calling the program in case of
   __udp6_lib_err and UDP GRO which broke reuseport_select_sock() assumption
   that skb->data is pointing to transport header, from Martin.

3) Two fixes for BPF sockmap: a use-after-free from sleep in psock's backlog
   workqueue, and a missing restore of sk_write_space when psock gets dropped,
   from Jakub and John.

4) Fix unconnected UDP sendmsg hook API which is insufficient as-is since it
   breaks standard applications like DNS if reverse NAT is not performed upon
   receive, from Daniel.

5) Fix an out-of-bounds read in __bpf_skc_lookup which in case of AF_INET6
   fails to verify that the length of the tuple is long enough, from Lorenz.

6) Fix libbpf's libbpf__probe_raw_btf to return an fd instead of 0/1 (for
   {un,}successful probe) as that is expected to be propagated as an fd to
   load_sk_storage_btf() and thus closing the wrong descriptor otherwise,
   from Michal.

7) Fix bpftool's JSON output for the case when a lookup fails, from Krzesimir.

8) Minor misc fixes in docs, samples and selftests, from various others.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c7e3c93a 4aeba328

arch/riscv/net/bpf_jit_comp.c

+24 −0
Original line number Diff line number Diff line
@@ -751,22 +751,32 @@ static int emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx, 
	case BPF_ALU | BPF_ADD | BPF_X:

	case BPF_ALU64 | BPF_ADD | BPF_X:

		emit(is64 ? rv_add(rd, rd, rs) : rv_addw(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_SUB | BPF_X:

	case BPF_ALU64 | BPF_SUB | BPF_X:

		emit(is64 ? rv_sub(rd, rd, rs) : rv_subw(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_AND | BPF_X:

	case BPF_ALU64 | BPF_AND | BPF_X:

		emit(rv_and(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_OR | BPF_X:

	case BPF_ALU64 | BPF_OR | BPF_X:

		emit(rv_or(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_XOR | BPF_X:

	case BPF_ALU64 | BPF_XOR | BPF_X:

		emit(rv_xor(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_MUL | BPF_X:

	case BPF_ALU64 | BPF_MUL | BPF_X:
@@ -789,14 +799,20 @@ static int emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx, 
	case BPF_ALU | BPF_LSH | BPF_X:

	case BPF_ALU64 | BPF_LSH | BPF_X:

		emit(is64 ? rv_sll(rd, rd, rs) : rv_sllw(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_RSH | BPF_X:

	case BPF_ALU64 | BPF_RSH | BPF_X:

		emit(is64 ? rv_srl(rd, rd, rs) : rv_srlw(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_ARSH | BPF_X:

	case BPF_ALU64 | BPF_ARSH | BPF_X:

		emit(is64 ? rv_sra(rd, rd, rs) : rv_sraw(rd, rd, rs), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;



	/* dst = -dst */
@@ -804,6 +820,8 @@ static int emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx, 
	case BPF_ALU64 | BPF_NEG:

		emit(is64 ? rv_sub(rd, RV_REG_ZERO, rd) :

		     rv_subw(rd, RV_REG_ZERO, rd), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;



	/* dst = BSWAP##imm(dst) */
@@ -958,14 +976,20 @@ static int emit_insn(const struct bpf_insn *insn, struct rv_jit_context *ctx, 
	case BPF_ALU | BPF_LSH | BPF_K:

	case BPF_ALU64 | BPF_LSH | BPF_K:

		emit(is64 ? rv_slli(rd, rd, imm) : rv_slliw(rd, rd, imm), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_RSH | BPF_K:

	case BPF_ALU64 | BPF_RSH | BPF_K:

		emit(is64 ? rv_srli(rd, rd, imm) : rv_srliw(rd, rd, imm), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;

	case BPF_ALU | BPF_ARSH | BPF_K:

	case BPF_ALU64 | BPF_ARSH | BPF_K:

		emit(is64 ? rv_srai(rd, rd, imm) : rv_sraiw(rd, rd, imm), ctx);

		if (!is64)

			emit_zext_32(rd, ctx);

		break;



	/* JUMP off */

include/linux/bpf-cgroup.h

+8 −0
Original line number Diff line number Diff line
@@ -238,6 +238,12 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, 
#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_SENDMSG, t_ctx)



#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP4_RECVMSG, NULL)



#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_RECVMSG, NULL)



#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops)				       \

({									       \

	int __ret = 0;							       \
@@ -339,6 +345,8 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map, 
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })

#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos,nbuf) ({ 0; })

include/linux/skmsg.h

+2 −0
Original line number Diff line number Diff line
@@ -351,6 +351,8 @@ static inline void sk_psock_update_proto(struct sock *sk, 
static inline void sk_psock_restore_proto(struct sock *sk,

					  struct sk_psock *psock)

{

	sk->sk_write_space = psock->saved_write_space;



	if (psock->sk_proto) {

		sk->sk_prot = psock->sk_proto;

		psock->sk_proto = NULL;

include/uapi/linux/bpf.h

+2 −0
Original line number Diff line number Diff line
@@ -192,6 +192,8 @@ enum bpf_attach_type { 
	BPF_LIRC_MODE2,

	BPF_FLOW_DISSECTOR,

	BPF_CGROUP_SYSCTL,

	BPF_CGROUP_UDP4_RECVMSG,

	BPF_CGROUP_UDP6_RECVMSG,

	__MAX_BPF_ATTACH_TYPE

};

kernel/bpf/syscall.c

+8 −0
Original line number Diff line number Diff line
@@ -1581,6 +1581,8 @@ bpf_prog_load_check_attach_type(enum bpf_prog_type prog_type, 
		case BPF_CGROUP_INET6_CONNECT:

		case BPF_CGROUP_UDP4_SENDMSG:

		case BPF_CGROUP_UDP6_SENDMSG:

		case BPF_CGROUP_UDP4_RECVMSG:

		case BPF_CGROUP_UDP6_RECVMSG:

			return 0;

		default:

			return -EINVAL;
@@ -1875,6 +1877,8 @@ static int bpf_prog_attach(const union bpf_attr *attr) 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

		ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;

		break;

	case BPF_CGROUP_SOCK_OPS:
@@ -1960,6 +1964,8 @@ static int bpf_prog_detach(const union bpf_attr *attr) 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

		ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;

		break;

	case BPF_CGROUP_SOCK_OPS:
@@ -2011,6 +2017,8 @@ static int bpf_prog_query(const union bpf_attr *attr, 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

	case BPF_CGROUP_SOCK_OPS:

	case BPF_CGROUP_DEVICE:

	case BPF_CGROUP_SYSCTL: