Commit 87db4635 authored by Tengda Wu's avatar Tengda Wu
Browse files

bpf: Fix kabi breakage in struct bpf_prog_aux 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBIADD


CVE: CVE-2024-47794

--------------------------------

Fix kabi breakage in struct bpf_prog_aux by using KABI_FILL_HOLE and
KABI_USE.

Fixes: cb11bb8d80fe ("bpf: Prevent tailcall infinite loop caused by freplace")
Signed-off-by: default avatarTengda Wu <wutengda2@huawei.com>
parent f0c1523f

include/linux/bpf.h

+6 −4
Original line number Diff line number Diff line
@@ -1468,6 +1468,7 @@ struct bpf_prog_aux { 
	u32 ctx_arg_info_size;

	u32 max_rdonly_access;

	u32 max_rdwr_access;

	KABI_FILL_HOLE(bool is_extended) /* true if extended by freplace program */

	struct btf *attach_btf;

	const struct bpf_ctx_arg_aux *ctx_arg_info;

	struct mutex dst_mutex; /* protects dst_* pointers below, *after* prog becomes visible */
@@ -1483,9 +1484,6 @@ struct bpf_prog_aux { 
	bool sleepable;

	bool tail_call_reachable;

	bool xdp_has_frags;

	bool is_extended; /* true if extended by freplace program */

	u64 prog_array_member_cnt; /* counts how many times as member of prog_array */

	struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */

	/* BTF_KIND_FUNC_PROTO for valid attach_btf_id */

	const struct btf_type *attach_func_proto;

	/* function name for valid attach_btf_id */
@@ -1545,11 +1543,15 @@ struct bpf_prog_aux { 
		struct rcu_head	rcu;

	};



	KABI_RESERVE(1)

	KABI_USE(1, u64 prog_array_member_cnt) /* counts how many times as member of prog_array */

#ifdef __GENKSYMS__

	KABI_RESERVE(2)

	KABI_RESERVE(3)

	KABI_RESERVE(4)

	KABI_RESERVE(5)

#else

	struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */

#endif

	KABI_RESERVE(6)

	KABI_RESERVE(7)

	KABI_RESERVE(8)