
Commit bb745231 authored by David S. Miller's avatar David S. Miller


Alexei Starovoitov says:

====================
pull-request: bpf 2019-07-18

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) verifier precision propagation fix, from Andrii.

2) BTF size fix for typedefs, from Andrii.

3) a bunch of big endian fixes, from Ilya.

4) wide load from bpf_sock_addr fixes, from Stanislav.

5) a bunch of misc fixes from a number of developers.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 7369c10f 59fd3486
+1 −1
@@ -3108,9 +3108,9 @@ S: Maintained
F:	arch/riscv/net/

BPF JIT for S390
M:	Ilya Leoshkevich <iii@linux.ibm.com>
M:	Heiko Carstens <heiko.carstens@de.ibm.com>
M:	Vasily Gorbik <gor@linux.ibm.com>
M:	Christian Borntraeger <borntraeger@de.ibm.com>
L:	netdev@vger.kernel.org
L:	bpf@vger.kernel.org
S:	Maintained
+1 −1
@@ -747,7 +747,7 @@ bpf_ctx_narrow_access_ok(u32 off, u32 size, u32 size_default)
	return size <= size_default && (size & (size - 1)) == 0;
}

#define bpf_ctx_wide_store_ok(off, size, type, field)			\
#define bpf_ctx_wide_access_ok(off, size, type, field)			\
	(size == sizeof(__u64) &&					\
	off >= offsetof(type, field) &&					\
	off + sizeof(__u64) <= offsetofend(type, field) &&		\
+2 −2
@@ -3248,7 +3248,7 @@ struct bpf_sock_addr {
	__u32 user_ip4;		/* Allows 1,2,4-byte read and 4-byte write.
				 * Stored in network byte order.
				 */
	__u32 user_ip6[4];	/* Allows 1,2,4-byte read and 4,8-byte write.
	__u32 user_ip6[4];	/* Allows 1,2,4,8-byte read and 4,8-byte write.
				 * Stored in network byte order.
				 */
	__u32 user_port;	/* Allows 4-byte read and write.
@@ -3260,7 +3260,7 @@ struct bpf_sock_addr {
	__u32 msg_src_ip4;	/* Allows 1,2,4-byte read and 4-byte write.
				 * Stored in network byte order.
				 */
	__u32 msg_src_ip6[4];	/* Allows 1,2,4-byte read and 4,8-byte write.
	__u32 msg_src_ip6[4];	/* Allows 1,2,4,8-byte read and 4,8-byte write.
				 * Stored in network byte order.
				 */
	__bpf_md_ptr(struct bpf_sock *, sk);
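Review bot: The updated comments on `user_ip6` and `msg_src_ip6` list 8-byte reads without saying which offsets qualify. The `bpf_ctx_wide_access_ok` lines shown earlier on this page require `size == sizeof(__u64)` and the access to lie between `offsetof` and `offsetofend` of the field, so a wide load cannot straddle a field boundary. That macro continues past the visible lines, so any further condition (alignment, for instance) should be confirmed there. Assuming the macro is what gates these two fields, consider adding a line such as `* 8-byte accesses must lie entirely within the array.` to each comment, so program authors do not first learn the restriction from a verifier rejection.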
+12 −7
@@ -1073,11 +1073,18 @@ const struct btf_type *btf_type_id_size(const struct btf *btf,
				 !btf_type_is_var(size_type)))
			return NULL;

		size = btf->resolved_sizes[size_type_id];
		size_type_id = btf->resolved_ids[size_type_id];
		size_type = btf_type_by_id(btf, size_type_id);
		if (btf_type_nosize_or_null(size_type))
			return NULL;
		else if (btf_type_has_size(size_type))
			size = size_type->size;
		else if (btf_type_is_array(size_type))
			size = btf->resolved_sizes[size_type_id];
		else if (btf_type_is_ptr(size_type))
			size = sizeof(void *);
		else
			return NULL;
	}

	*type_id = size_type_id;
@@ -1602,7 +1609,6 @@ static int btf_modifier_resolve(struct btf_verifier_env *env,
	const struct btf_type *next_type;
	u32 next_type_id = t->type;
	struct btf *btf = env->btf;
	u32 next_type_size = 0;

	next_type = btf_type_by_id(btf, next_type_id);
	if (!next_type || btf_type_is_resolve_source_only(next_type)) {
@@ -1620,7 +1626,7 @@ static int btf_modifier_resolve(struct btf_verifier_env *env,
	 * save us a few type-following when we use it later (e.g. in
	 * pretty print).
	 */
	if (!btf_type_id_size(btf, &next_type_id, &next_type_size)) {
	if (!btf_type_id_size(btf, &next_type_id, NULL)) {
		if (env_type_is_resolved(env, next_type_id))
			next_type = btf_type_id_resolve(btf, &next_type_id);

@@ -1633,7 +1639,7 @@ static int btf_modifier_resolve(struct btf_verifier_env *env,
		}
	}

	env_stack_pop_resolved(env, next_type_id, next_type_size);
	env_stack_pop_resolved(env, next_type_id, 0);

	return 0;
}
@@ -1645,7 +1651,6 @@ static int btf_var_resolve(struct btf_verifier_env *env,
	const struct btf_type *t = v->t;
	u32 next_type_id = t->type;
	struct btf *btf = env->btf;
	u32 next_type_size;

	next_type = btf_type_by_id(btf, next_type_id);
	if (!next_type || btf_type_is_resolve_source_only(next_type)) {
@@ -1675,12 +1680,12 @@ static int btf_var_resolve(struct btf_verifier_env *env,
	 * forward types or similar that would resolve to size of
	 * zero is allowed.
	 */
	if (!btf_type_id_size(btf, &next_type_id, &next_type_size)) {
	if (!btf_type_id_size(btf, &next_type_id, NULL)) {
		btf_verifier_log_type(env, v->t, "Invalid type_id");
		return -EINVAL;
	}

	env_stack_pop_resolved(env, next_type_id, next_type_size);
	env_stack_pop_resolved(env, next_type_id, 0);

	return 0;
}
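Review bot: Both `btf_modifier_resolve` and `btf_var_resolve` now call `btf_type_id_size(btf, &next_type_id, NULL)`, so `btf_type_id_size` has to tolerate a NULL size pointer. The hunk at line 1073 ends at `*type_id = size_type_id;` and the store through the size argument is outside the visible lines, so confirm it sits behind a NULL check before relying on this. The literal `0` now passed to `env_stack_pop_resolved` in both callers also deserves a short comment. If the intent is that sizes for modifiers and vars are recomputed on demand, something like `/* size is derived later via btf_type_id_size() */` would stop a reader from taking the zero for a real resolved size.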
+6 −7
@@ -1519,9 +1519,9 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx,
			return -EFAULT;
		}
		*stack_mask |= 1ull << spi;
	} else if (class == BPF_STX) {
	} else if (class == BPF_STX || class == BPF_ST) {
		if (*reg_mask & dreg)
			/* stx shouldn't be using _scalar_ dst_reg
			/* stx & st shouldn't be using _scalar_ dst_reg
			 * to access memory. It means backtracking
			 * encountered a case of pointer subtraction.
			 */
@@ -1540,6 +1540,7 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx,
		if (!(*stack_mask & (1ull << spi)))
			return 0;
		*stack_mask &= ~(1ull << spi);
		if (class == BPF_STX)
			*reg_mask |= sreg;
	} else if (class == BPF_JMP || class == BPF_JMP32) {
		if (opcode == BPF_CALL) {
@@ -1569,10 +1570,6 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx,
		if (mode == BPF_IND || mode == BPF_ABS)
			/* to be analyzed */
			return -ENOTSUPP;
	} else if (class == BPF_ST) {
		if (*reg_mask & dreg)
			/* likely pointer subtraction */
			return -ENOTSUPP;
	}
	return 0;
}
@@ -6106,11 +6103,13 @@ static int check_return_code(struct bpf_verifier_env *env)
		if (env->prog->expected_attach_type == BPF_CGROUP_UDP4_RECVMSG ||
		    env->prog->expected_attach_type == BPF_CGROUP_UDP6_RECVMSG)
			range = tnum_range(1, 1);
		break;
	case BPF_PROG_TYPE_CGROUP_SKB:
		if (env->prog->expected_attach_type == BPF_CGROUP_INET_EGRESS) {
			range = tnum_range(0, 3);
			enforce_attach_type_range = tnum_range(2, 3);
		}
		break;
	case BPF_PROG_TYPE_CGROUP_SOCK:
	case BPF_PROG_TYPE_SOCK_OPS:
	case BPF_PROG_TYPE_CGROUP_DEVICE:
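Review bot: In `backtrack_insn`, the new `if (class == BPF_STX)` guard before `*reg_mask |= sreg;` carries the whole difference between the two store classes in the merged branch, and it has no comment. BPF_ST stores an immediate, so there is no source register whose precision needs marking; a line such as `/* BPF_ST writes an immediate: no source register to mark precise */` above the guard would keep a later cleanup from dropping it. The branch's body starts and ends outside the visible hunks, so the checks between the `dreg` test and the `stack_mask` update could not be reviewed here. Separately, the two `break;` statements added in `check_return_code` fix a class of mistake that `-Wimplicit-fallthrough` reports at build time, which is worth enabling for this file if it is not already.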