!12843 v4 CVE-2024-50063

	s64 __percpu *elem_count;

	KABI_USE(1, atomic64_t sleepable_refcnt)

	KABI_RESERVE(2)

	KABI_USE(2, const struct btf_type *attach_func_proto)

	KABI_RESERVE(3)

	KABI_RESERVE(4)

};

{

	enum bpf_prog_type prog_type = resolve_prog_type(fp);

	bool ret;

	struct bpf_prog_aux *aux = fp->aux;

	if (fp->kprobe_override)

		return false;

	 * in the case of devmap and cpumap). Until device checks

	 * are implemented, prohibit adding dev-bound programs to program maps.

	 */

	if (bpf_prog_is_dev_bound(fp->aux))

	if (bpf_prog_is_dev_bound(aux))

		return false;

	spin_lock(&map->owner.lock);

		 */

		map->owner.type  = prog_type;

		map->owner.jited = fp->jited;

		map->owner.xdp_has_frags = fp->aux->xdp_has_frags;

		map->owner.xdp_has_frags = aux->xdp_has_frags;

		map->attach_func_proto = aux->attach_func_proto;

		ret = true;

	} else {

		ret = map->owner.type  == prog_type &&

		      map->owner.jited == fp->jited &&

		      map->owner.xdp_has_frags == fp->aux->xdp_has_frags;

		      map->owner.xdp_has_frags == aux->xdp_has_frags;

		if (ret &&

		    map->attach_func_proto != aux->attach_func_proto) {

			switch (prog_type) {

			case BPF_PROG_TYPE_TRACING:

			case BPF_PROG_TYPE_LSM:

			case BPF_PROG_TYPE_EXT:

			case BPF_PROG_TYPE_STRUCT_OPS:

				ret = false;

				break;

			default:

				break;

			}

		}

	}

	spin_unlock(&map->owner.lock);

#include <stdlib.h>

#include "lsm.skel.h"

#include "lsm_tailcall.skel.h"

char *CMD_ARGS[] = {"true", NULL};

	return 0;

}

void test_test_lsm(void)

static void test_lsm_basic(void)

{

	struct lsm *skel = NULL;

	int err;

close_prog:

	lsm__destroy(skel);

}

static void test_lsm_tailcall(void)

{

	struct lsm_tailcall *skel = NULL;

	int map_fd, prog_fd;

	int err, key;

	skel = lsm_tailcall__open_and_load();

	if (!ASSERT_OK_PTR(skel, "lsm_tailcall__skel_load"))

		goto close_prog;

	map_fd = bpf_map__fd(skel->maps.jmp_table);

	if (CHECK_FAIL(map_fd < 0))

		goto close_prog;

	prog_fd = bpf_program__fd(skel->progs.lsm_file_permission_prog);

	if (CHECK_FAIL(prog_fd < 0))

		goto close_prog;

	key = 0;

	err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);

	if (CHECK_FAIL(!err))

		goto close_prog;

	prog_fd = bpf_program__fd(skel->progs.lsm_file_alloc_security_prog);

	if (CHECK_FAIL(prog_fd < 0))

		goto close_prog;

	err = bpf_map_update_elem(map_fd, &key, &prog_fd, BPF_ANY);

	if (CHECK_FAIL(err))

		goto close_prog;

close_prog:

	lsm_tailcall__destroy(skel);

}

void test_test_lsm(void)

{

	if (test__start_subtest("lsm_basic"))

		test_lsm_basic();

	if (test__start_subtest("lsm_tailcall"))

		test_lsm_tailcall();

}

// SPDX-License-Identifier: GPL-2.0

/* Copyright (c) 2024 Huawei Technologies Co., Ltd */

#include "vmlinux.h"

#include <errno.h>

#include <bpf/bpf_helpers.h>

char _license[] SEC("license") = "GPL";

struct {

	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);

	__uint(max_entries, 1);

	__uint(key_size, sizeof(__u32));

	__uint(value_size, sizeof(__u32));

} jmp_table SEC(".maps");

SEC("lsm/file_permission")

int lsm_file_permission_prog(void *ctx)

{

	return 0;

}

SEC("lsm/file_alloc_security")

int lsm_file_alloc_security_prog(void *ctx)

{

	return 0;

}

SEC("lsm/file_alloc_security")

int lsm_file_alloc_security_entry(void *ctx)

{

	bpf_tail_call_static(ctx, &jmp_table, 0);

	return 0;

}