Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 958b4cd8 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 



Daniel Borkmann says:

====================
pull-request: bpf 2018-07-28

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) API fixes for libbpf's BTF mapping of map key/value types in order
   to make them compatible with iproute2's BPF_ANNOTATE_KV_PAIR()
   markings, from Martin.

2) Fix AF_XDP to not report POLLIN prematurely by using the non-cached
   consumer pointer of the RX queue, from Björn.

3) Fix __xdp_return() to check for NULL pointer after the rhashtable
   lookup that retrieves the allocator object, from Taehee.

4) Fix x86-32 JIT to adjust ebp register in prologue and epilogue
   by 4 bytes which got removed from overall stack usage, from Wang.

5) Fix bpf_skb_load_bytes_relative() length check to use actual
   packet length, from Daniel.

6) Fix uninitialized return code in libbpf bpf_perf_event_read_simple()
   handler, from Thomas.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents b0753408 71eb5255

arch/x86/net/bpf_jit_comp32.c

+4 −4
Original line number Diff line number Diff line
@@ -1441,8 +1441,8 @@ static void emit_prologue(u8 **pprog, u32 stack_depth) 


	/* sub esp,STACK_SIZE */

	EMIT2_off32(0x81, 0xEC, STACK_SIZE);

	/* sub ebp,SCRATCH_SIZE+4+12*/

	EMIT3(0x83, add_1reg(0xE8, IA32_EBP), SCRATCH_SIZE + 16);

	/* sub ebp,SCRATCH_SIZE+12*/

	EMIT3(0x83, add_1reg(0xE8, IA32_EBP), SCRATCH_SIZE + 12);

	/* xor ebx,ebx */

	EMIT2(0x31, add_2reg(0xC0, IA32_EBX, IA32_EBX));
@@ -1475,8 +1475,8 @@ static void emit_epilogue(u8 **pprog, u32 stack_depth) 
	/* mov edx,dword ptr [ebp+off]*/

	EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EDX), STACK_VAR(r0[1]));



	/* add ebp,SCRATCH_SIZE+4+12*/

	EMIT3(0x83, add_1reg(0xC0, IA32_EBP), SCRATCH_SIZE + 16);

	/* add ebp,SCRATCH_SIZE+12*/

	EMIT3(0x83, add_1reg(0xC0, IA32_EBP), SCRATCH_SIZE + 12);



	/* mov ebx,dword ptr [ebp-12]*/

	EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_EBX), -12);

kernel/bpf/arraymap.c

+1 −1
Original line number Diff line number Diff line
@@ -378,7 +378,7 @@ static int array_map_check_btf(const struct bpf_map *map, const struct btf *btf, 
		return -EINVAL;



	value_type = btf_type_id_size(btf, &btf_value_id, &value_size);

	if (!value_type || value_size > map->value_size)

	if (!value_type || value_size != map->value_size)

		return -EINVAL;



	return 0;

kernel/bpf/btf.c

+13 −1
Original line number Diff line number Diff line
@@ -1519,9 +1519,9 @@ static s32 btf_struct_check_meta(struct btf_verifier_env *env, 
{

	bool is_union = BTF_INFO_KIND(t->info) == BTF_KIND_UNION;

	const struct btf_member *member;

	u32 meta_needed, last_offset;

	struct btf *btf = env->btf;

	u32 struct_size = t->size;

	u32 meta_needed;

	u16 i;



	meta_needed = btf_type_vlen(t) * sizeof(*member);
@@ -1534,6 +1534,7 @@ static s32 btf_struct_check_meta(struct btf_verifier_env *env, 


	btf_verifier_log_type(env, t, NULL);



	last_offset = 0;

	for_each_member(i, t, member) {

		if (!btf_name_offset_valid(btf, member->name_off)) {

			btf_verifier_log_member(env, t, member,
@@ -1555,6 +1556,16 @@ static s32 btf_struct_check_meta(struct btf_verifier_env *env, 
			return -EINVAL;

		}



		/*

		 * ">" instead of ">=" because the last member could be

		 * "char a[0];"

		 */

		if (last_offset > member->offset) {

			btf_verifier_log_member(env, t, member,

						"Invalid member bits_offset");

			return -EINVAL;

		}



		if (BITS_ROUNDUP_BYTES(member->offset) > struct_size) {

			btf_verifier_log_member(env, t, member,

						"Memmber bits_offset exceeds its struct size");
@@ -1562,6 +1573,7 @@ static s32 btf_struct_check_meta(struct btf_verifier_env *env, 
		}



		btf_verifier_log_member(env, t, member, NULL);

		last_offset = member->offset;

	}



	return meta_needed;

net/core/filter.c

+7 −5
Original line number Diff line number Diff line
@@ -1712,24 +1712,26 @@ static const struct bpf_func_proto bpf_skb_load_bytes_proto = { 
BPF_CALL_5(bpf_skb_load_bytes_relative, const struct sk_buff *, skb,

	   u32, offset, void *, to, u32, len, u32, start_header)

{

	u8 *end = skb_tail_pointer(skb);

	u8 *net = skb_network_header(skb);

	u8 *mac = skb_mac_header(skb);

	u8 *ptr;



	if (unlikely(offset > 0xffff || len > skb_headlen(skb)))

	if (unlikely(offset > 0xffff || len > (end - mac)))

		goto err_clear;



	switch (start_header) {

	case BPF_HDR_START_MAC:

		ptr = skb_mac_header(skb) + offset;

		ptr = mac + offset;

		break;

	case BPF_HDR_START_NET:

		ptr = skb_network_header(skb) + offset;

		ptr = net + offset;

		break;

	default:

		goto err_clear;

	}



	if (likely(ptr >= skb_mac_header(skb) &&

		   ptr + len <= skb_tail_pointer(skb))) {

	if (likely(ptr >= mac && ptr + len <= end)) {

		memcpy(to, ptr, len);

		return 0;

	}

net/core/lwt_bpf.c

+1 −1
Original line number Diff line number Diff line
@@ -217,7 +217,7 @@ static int bpf_parse_prog(struct nlattr *attr, struct bpf_lwt_prog *prog, 
	if (!tb[LWT_BPF_PROG_FD] || !tb[LWT_BPF_PROG_NAME])

		return -EINVAL;



	prog->name = nla_memdup(tb[LWT_BPF_PROG_NAME], GFP_KERNEL);

	prog->name = nla_memdup(tb[LWT_BPF_PROG_NAME], GFP_ATOMIC);

	if (!prog->name)

		return -ENOMEM;