Commit 2e273b09 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 

Daniel Borkmann says:

====================
bpf 2021-08-10

We've added 5 non-merge commits during the last 2 day(s) which contain
a total of 7 files changed, 27 insertions(+), 15 deletions(-).

1) Fix missing bpf_read_lock_trace() context for BPF loader progs, from Yonghong Song.

2) Fix corner case where BPF prog retrieves wrong local storage, also from Yonghong Song.

3) Restrict availability of BPF write_user helper behind lockdown, from Daniel Borkmann.

4) Fix multiple kernel-doc warnings in BPF core, from Randy Dunlap.

* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
  bpf, core: Fix kernel-doc notation
  bpf: Fix potentially incorrect results with bpf_get_local_storage()
  bpf: Add missing bpf_read_[un]lock_trace() for syscall program
  bpf: Add lockdown check for probe_write_user helper
  bpf: Add _kernel suffix to internal lockdown_bpf_read
====================

Link: https://lore.kernel.org/r/20210810144025.22814-1-daniel@iogearbox.net


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 09c7fd52 019d0454

include/linux/bpf-cgroup.h

+2 −2
Original line number Diff line number Diff line
@@ -201,8 +201,8 @@ static inline void bpf_cgroup_storage_unset(void) 
{

	int i;



	for (i = 0; i < BPF_CGROUP_STORAGE_NEST_MAX; i++) {

		if (unlikely(this_cpu_read(bpf_cgroup_storage_info[i].task) != current))

	for (i = BPF_CGROUP_STORAGE_NEST_MAX - 1; i >= 0; i--) {

		if (likely(this_cpu_read(bpf_cgroup_storage_info[i].task) != current))

			continue;



		this_cpu_write(bpf_cgroup_storage_info[i].task, NULL);

include/linux/security.h

+2 −1
Original line number Diff line number Diff line
@@ -120,10 +120,11 @@ enum lockdown_reason { 
	LOCKDOWN_MMIOTRACE,

	LOCKDOWN_DEBUGFS,

	LOCKDOWN_XMON_WR,

	LOCKDOWN_BPF_WRITE_USER,

	LOCKDOWN_INTEGRITY_MAX,

	LOCKDOWN_KCORE,

	LOCKDOWN_KPROBES,

	LOCKDOWN_BPF_READ,

	LOCKDOWN_BPF_READ_KERNEL,

	LOCKDOWN_PERF,

	LOCKDOWN_TRACEFS,

	LOCKDOWN_XMON_RW,

kernel/bpf/core.c

+6 −1
Original line number Diff line number Diff line
@@ -1362,11 +1362,13 @@ u64 __weak bpf_probe_read_kernel(void *dst, u32 size, const void *unsafe_ptr) 
}



/**

 *	__bpf_prog_run - run eBPF program on a given context

 *	___bpf_prog_run - run eBPF program on a given context

 *	@regs: is the array of MAX_BPF_EXT_REG eBPF pseudo-registers

 *	@insn: is the array of eBPF instructions

 *

 * Decode and execute eBPF instructions.

 *

 * Return: whatever value is in %BPF_R0 at program exit

 */

static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn)

{
@@ -1878,6 +1880,9 @@ static void bpf_prog_select_func(struct bpf_prog *fp) 
 *

 * Try to JIT eBPF program, if JIT is not available, use interpreter.

 * The BPF program will be executed via BPF_PROG_RUN() macro.

 *

 * Return: the &fp argument along with &err set to 0 for success or

 * a negative errno code on failure

 */

struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)

{

kernel/bpf/helpers.c

+4 −4
Original line number Diff line number Diff line
@@ -397,8 +397,8 @@ BPF_CALL_2(bpf_get_local_storage, struct bpf_map *, map, u64, flags) 
	void *ptr;

	int i;



	for (i = 0; i < BPF_CGROUP_STORAGE_NEST_MAX; i++) {

		if (unlikely(this_cpu_read(bpf_cgroup_storage_info[i].task) != current))

	for (i = BPF_CGROUP_STORAGE_NEST_MAX - 1; i >= 0; i--) {

		if (likely(this_cpu_read(bpf_cgroup_storage_info[i].task) != current))

			continue;



		storage = this_cpu_read(bpf_cgroup_storage_info[i].storage[stype]);
@@ -1070,12 +1070,12 @@ bpf_base_func_proto(enum bpf_func_id func_id) 
	case BPF_FUNC_probe_read_user:

		return &bpf_probe_read_user_proto;

	case BPF_FUNC_probe_read_kernel:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_kernel_proto;

	case BPF_FUNC_probe_read_user_str:

		return &bpf_probe_read_user_str_proto;

	case BPF_FUNC_probe_read_kernel_str:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_kernel_str_proto;

	case BPF_FUNC_snprintf_btf:

		return &bpf_snprintf_btf_proto;

kernel/trace/bpf_trace.c

+7 −6
Original line number Diff line number Diff line
@@ -990,28 +990,29 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) 
		return &bpf_get_numa_node_id_proto;

	case BPF_FUNC_perf_event_read:

		return &bpf_perf_event_read_proto;

	case BPF_FUNC_probe_write_user:

		return bpf_get_probe_write_proto();

	case BPF_FUNC_current_task_under_cgroup:

		return &bpf_current_task_under_cgroup_proto;

	case BPF_FUNC_get_prandom_u32:

		return &bpf_get_prandom_u32_proto;

	case BPF_FUNC_probe_write_user:

		return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ?

		       NULL : bpf_get_probe_write_proto();

	case BPF_FUNC_probe_read_user:

		return &bpf_probe_read_user_proto;

	case BPF_FUNC_probe_read_kernel:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_kernel_proto;

	case BPF_FUNC_probe_read_user_str:

		return &bpf_probe_read_user_str_proto;

	case BPF_FUNC_probe_read_kernel_str:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_kernel_str_proto;

#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE

	case BPF_FUNC_probe_read:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_compat_proto;

	case BPF_FUNC_probe_read_str:

		return security_locked_down(LOCKDOWN_BPF_READ) < 0 ?

		return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?

		       NULL : &bpf_probe_read_compat_str_proto;

#endif

#ifdef CONFIG_CGROUPS