BPF Archive on lore.kernel.org
 help / color / Atom feed
From: Daniel Borkmann <daniel@iogearbox.net>
To: davem@davemloft.net
Cc: kuba@kernel.org, daniel@iogearbox.net, ast@kernel.org,
	netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: pull-request: bpf 2020-05-22
Date: Fri, 22 May 2020 23:19:13 +0200
Message-ID: <20200522211913.25281-1-daniel@iogearbox.net> (raw)

Hi David,

The following pull-request contains BPF updates for your *net* tree.

We've added 3 non-merge commits during the last 3 day(s) which contain
a total of 5 files changed, 69 insertions(+), 11 deletions(-).

The main changes are:

1) Fix to reject mmap()'ing read-only array maps as writable since BPF verifier
   relies on such map content to be frozen, from Andrii Nakryiko.

2) Fix breaking audit from secid_to_secctx() LSM hook by avoiding to use
   call_int_hook() since this hook is not stackable, from KP Singh.

3) Fix BPF flow dissector program ref leak on netns cleanup, from Jakub Sitnicki.

Please consider pulling these changes from:


Thanks a lot!

Also thanks to reporters, reviewers and testers of commits in this pull-request:

Alexei Starovoitov, James Morris, Jann Horn, Stanislav Fomichev


The following changes since commit 20a785aa52c82246055a089e55df9dac47d67da1:

  sctp: Don't add the shutdown timer if its already been added (2020-05-19 15:46:52 -0700)

are available in the Git repository at:


for you to fetch changes up to 5cf65922bb15279402e1e19b5ee8c51d618fa51f:

  flow_dissector: Drop BPF flow dissector prog ref on netns cleanup (2020-05-21 17:52:45 -0700)

Andrii Nakryiko (1):
      bpf: Prevent mmap()'ing read-only maps as writable

Jakub Sitnicki (1):
      flow_dissector: Drop BPF flow dissector prog ref on netns cleanup

KP Singh (1):
      security: Fix hook iteration for secid_to_secctx

 kernel/bpf/syscall.c                          | 17 ++++++++++++++---
 net/core/flow_dissector.c                     | 26 +++++++++++++++++++++-----
 security/security.c                           | 16 ++++++++++++++--
 tools/testing/selftests/bpf/prog_tests/mmap.c | 13 ++++++++++++-
 tools/testing/selftests/bpf/progs/test_mmap.c |  8 ++++++++
 5 files changed, 69 insertions(+), 11 deletions(-)

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-22 21:19 Daniel Borkmann [this message]
2020-05-22 21:35 ` David Miller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200522211913.25281-1-daniel@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

BPF Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/bpf/0 bpf/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 bpf bpf/ https://lore.kernel.org/bpf \
	public-inbox-index bpf

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git