Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 69500127 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 



Daniel Borkmann says:

====================
pull-request: bpf 2018-11-25

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Fix an off-by-one bug when adjusting subprog start offsets after
   patching, from Edward.

2) Fix several bugs such as overflow in size allocation in queue /
   stack map creation, from Alexei.

3) Fix wrong IPv6 destination port byte order in bpf_sk_lookup_udp
   helper, from Andrey.

4) Fix several bugs in bpftool such as preventing an infinite loop
   in get_fdinfo, error handling and man page references, from Quentin.

5) Fix a warning in bpf_trace_printk() that wasn't catching an
   invalid format string, from Martynas.

6) Fix a bug in BPF cgroup local storage where non-atomic allocation
   was used in atomic context, from Roman.

7) Fix a NULL pointer dereference bug in bpftool from reallocarray()
   error handling, from Jakub and Wen.

8) Add a copy of pkt_cls.h and tc_bpf.h uapi headers to the tools
   include infrastructure so that bpftool compiles on older RHEL7-like
   user space which does not ship these headers, from Yonghong.

9) Fix BPF kselftests for user space where to get ping test working
   with ping6 and ping -6, from Li.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents aba36930 1efb6ee3

kernel/bpf/local_storage.c

+2 −1
Original line number Diff line number Diff line
@@ -139,7 +139,8 @@ static int cgroup_storage_update_elem(struct bpf_map *map, void *_key, 
		return -ENOENT;



	new = kmalloc_node(sizeof(struct bpf_storage_buffer) +

			   map->value_size, __GFP_ZERO | GFP_USER,

			   map->value_size,

			   __GFP_ZERO | GFP_ATOMIC | __GFP_NOWARN,

			   map->numa_node);

	if (!new)

		return -ENOMEM;

kernel/bpf/queue_stack_maps.c

+8 −8
Original line number Diff line number Diff line
@@ -7,6 +7,7 @@ 
#include <linux/bpf.h>

#include <linux/list.h>

#include <linux/slab.h>

#include <linux/capability.h>

#include "percpu_freelist.h"



#define QUEUE_STACK_CREATE_FLAG_MASK \
@@ -45,8 +46,12 @@ static bool queue_stack_map_is_full(struct bpf_queue_stack *qs) 
/* Called from syscall */

static int queue_stack_map_alloc_check(union bpf_attr *attr)

{

	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;



	/* check sanity of attributes */

	if (attr->max_entries == 0 || attr->key_size != 0 ||

	    attr->value_size == 0 ||

	    attr->map_flags & ~QUEUE_STACK_CREATE_FLAG_MASK)

		return -EINVAL;
@@ -63,15 +68,10 @@ static struct bpf_map *queue_stack_map_alloc(union bpf_attr *attr) 
{

	int ret, numa_node = bpf_map_attr_numa_node(attr);

	struct bpf_queue_stack *qs;

	u32 size, value_size;

	u64 queue_size, cost;



	size = attr->max_entries + 1;

	value_size = attr->value_size;



	queue_size = sizeof(*qs) + (u64) value_size * size;

	u64 size, queue_size, cost;



	cost = queue_size;

	size = (u64) attr->max_entries + 1;

	cost = queue_size = sizeof(*qs) + size * attr->value_size;

	if (cost >= U32_MAX - PAGE_SIZE)

		return ERR_PTR(-E2BIG);

kernel/bpf/verifier.c

+1 −1
Original line number Diff line number Diff line
@@ -5650,7 +5650,7 @@ static void adjust_subprog_starts(struct bpf_verifier_env *env, u32 off, u32 len 
		return;

	/* NOTE: fake 'exit' subprog should be updated as well. */

	for (i = 0; i <= env->subprog_cnt; i++) {

		if (env->subprog_info[i].start < off)

		if (env->subprog_info[i].start <= off)

			continue;

		env->subprog_info[i].start += len - 1;

	}

kernel/trace/bpf_trace.c

+5 −3
Original line number Diff line number Diff line
@@ -196,11 +196,13 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1, 
			i++;

		} else if (fmt[i] == 'p' || fmt[i] == 's') {

			mod[fmt_cnt]++;

			i++;

			if (!isspace(fmt[i]) && !ispunct(fmt[i]) && fmt[i] != 0)

			/* disallow any further format extensions */

			if (fmt[i + 1] != 0 &&

			    !isspace(fmt[i + 1]) &&

			    !ispunct(fmt[i + 1]))

				return -EINVAL;

			fmt_cnt++;

			if (fmt[i - 1] == 's') {

			if (fmt[i] == 's') {

				if (str_seen)

					/* allow only one '%s' per fmt string */

					return -EINVAL;

net/core/filter.c

+2 −3
Original line number Diff line number Diff line
@@ -4852,18 +4852,17 @@ static struct sock *sk_lookup(struct net *net, struct bpf_sock_tuple *tuple, 
	} else {

		struct in6_addr *src6 = (struct in6_addr *)&tuple->ipv6.saddr;

		struct in6_addr *dst6 = (struct in6_addr *)&tuple->ipv6.daddr;

		u16 hnum = ntohs(tuple->ipv6.dport);

		int sdif = inet6_sdif(skb);



		if (proto == IPPROTO_TCP)

			sk = __inet6_lookup(net, &tcp_hashinfo, skb, 0,

					    src6, tuple->ipv6.sport,

					    dst6, hnum,

					    dst6, ntohs(tuple->ipv6.dport),

					    dif, sdif, &refcounted);

		else if (likely(ipv6_bpf_stub))

			sk = ipv6_bpf_stub->udp6_lib_lookup(net,

							    src6, tuple->ipv6.sport,

							    dst6, hnum,

							    dst6, tuple->ipv6.dport,

							    dif, sdif,

							    &udp_table, skb);

#endif