* pull-request: bpf 2020-07-31
@ 2020-07-31 13:51 Daniel Borkmann
2020-07-31 15:24 ` Jiri Olsa
2020-08-01 0:20 ` David Miller
0 siblings, 2 replies; 5+ messages in thread
From: Daniel Borkmann @ 2020-07-31 13:51 UTC (permalink / raw)
To: davem; +Cc: kuba, daniel, ast, jolsa, netdev, bpf
Hi David,
The following pull-request contains BPF updates for your *net* tree.
We've added 5 non-merge commits during the last 21 day(s) which contain
a total of 5 files changed, 126 insertions(+), 18 deletions(-).
The main changes are:
1) Fix a map element leak in HASH_OF_MAPS map type, from Andrii Nakryiko.
2) Fix a NULL pointer dereference in __btf_resolve_helper_id() when no
btf_vmlinux is available, from Peilin Ye.
3) Init pos variable in __bpfilter_process_sockopt(), from Christoph Hellwig.
4) Fix a cgroup sockopt verifier test by specifying expected attach type,
from Jean-Philippe Brucker.
Please consider pulling these changes from:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
Thanks a lot!
Note that when net gets merged into net-next later on, there is a small
merge conflict in kernel/bpf/btf.c between commit 5b801dfb7feb ("bpf: Fix
NULL pointer dereference in __btf_resolve_helper_id()") from the bpf tree
and commit 138b9a0511c7 ("bpf: Remove btf_id helpers resolving") from the
net-next tree.
Resolve as follows: remove the old hunk with the __btf_resolve_helper_id()
function. Change the btf_resolve_helper_id() so it actually tests for a
NULL btf_vmlinux and bails out:
int btf_resolve_helper_id(struct bpf_verifier_log *log,
const struct bpf_func_proto *fn, int arg)
{
int id;
if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID || !btf_vmlinux)
return -EINVAL;
id = fn->btf_id[arg];
if (!id || id > btf_vmlinux->nr_types)
return -EINVAL;
return id;
}
Let me know if you run into any others issues (CC'ing Jiri Olsa so he's in
the loop with regards to merge conflict resolution).
Also thanks to reporters, reviewers and testers of commits in this pull-request:
Christian Brauner, Jakub Sitnicki, Rodrigo Madera, Song Liu
----------------------------------------------------------------
The following changes since commit c8b1d7436045d3599bae56aef1682813ecccaad7:
bnxt_en: fix NULL dereference in case SR-IOV configuration fails (2020-07-10 14:20:03 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
for you to fetch changes up to 4f010246b4087ab931b060481014ec110e6a8a46:
net/bpfilter: Initialize pos in __bpfilter_process_sockopt (2020-07-31 01:07:32 +0200)
----------------------------------------------------------------
Andrii Nakryiko (2):
bpf: Fix map leak in HASH_OF_MAPS map
selftests/bpf: Extend map-in-map selftest to detect memory leaks
Christoph Hellwig (1):
net/bpfilter: Initialize pos in __bpfilter_process_sockopt
Jean-Philippe Brucker (1):
selftests/bpf: Fix cgroup sockopt verifier test
Peilin Ye (1):
bpf: Fix NULL pointer dereference in __btf_resolve_helper_id()
kernel/bpf/btf.c | 5 +
kernel/bpf/hashtab.c | 12 +-
net/bpfilter/bpfilter_kern.c | 2 +-
.../selftests/bpf/prog_tests/btf_map_in_map.c | 124 ++++++++++++++++++---
.../testing/selftests/bpf/verifier/event_output.c | 1 +
5 files changed, 126 insertions(+), 18 deletions(-)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: pull-request: bpf 2020-07-31
2020-07-31 13:51 pull-request: bpf 2020-07-31 Daniel Borkmann
@ 2020-07-31 15:24 ` Jiri Olsa
2020-07-31 16:12 ` Daniel Borkmann
2020-08-01 0:20 ` David Miller
1 sibling, 1 reply; 5+ messages in thread
From: Jiri Olsa @ 2020-07-31 15:24 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: davem, kuba, ast, jolsa, netdev, bpf
On Fri, Jul 31, 2020 at 03:51:45PM +0200, Daniel Borkmann wrote:
> Hi David,
>
> The following pull-request contains BPF updates for your *net* tree.
>
> We've added 5 non-merge commits during the last 21 day(s) which contain
> a total of 5 files changed, 126 insertions(+), 18 deletions(-).
>
> The main changes are:
>
> 1) Fix a map element leak in HASH_OF_MAPS map type, from Andrii Nakryiko.
>
> 2) Fix a NULL pointer dereference in __btf_resolve_helper_id() when no
> btf_vmlinux is available, from Peilin Ye.
>
> 3) Init pos variable in __bpfilter_process_sockopt(), from Christoph Hellwig.
>
> 4) Fix a cgroup sockopt verifier test by specifying expected attach type,
> from Jean-Philippe Brucker.
>
> Please consider pulling these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
>
> Thanks a lot!
>
> Note that when net gets merged into net-next later on, there is a small
> merge conflict in kernel/bpf/btf.c between commit 5b801dfb7feb ("bpf: Fix
> NULL pointer dereference in __btf_resolve_helper_id()") from the bpf tree
> and commit 138b9a0511c7 ("bpf: Remove btf_id helpers resolving") from the
> net-next tree.
>
> Resolve as follows: remove the old hunk with the __btf_resolve_helper_id()
> function. Change the btf_resolve_helper_id() so it actually tests for a
> NULL btf_vmlinux and bails out:
>
> int btf_resolve_helper_id(struct bpf_verifier_log *log,
> const struct bpf_func_proto *fn, int arg)
> {
> int id;
>
> if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID || !btf_vmlinux)
> return -EINVAL;
> id = fn->btf_id[arg];
> if (!id || id > btf_vmlinux->nr_types)
> return -EINVAL;
> return id;
> }
>
> Let me know if you run into any others issues (CC'ing Jiri Olsa so he's in
> the loop with regards to merge conflict resolution).
we'll loose the bpf_log message, but I'm fine with that ;-) looks good
thanks,
jirka
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: pull-request: bpf 2020-07-31
2020-07-31 15:24 ` Jiri Olsa
@ 2020-07-31 16:12 ` Daniel Borkmann
2020-07-31 18:08 ` Jiri Olsa
0 siblings, 1 reply; 5+ messages in thread
From: Daniel Borkmann @ 2020-07-31 16:12 UTC (permalink / raw)
To: Jiri Olsa; +Cc: davem, kuba, ast, jolsa, netdev, bpf
On 7/31/20 5:24 PM, Jiri Olsa wrote:
> On Fri, Jul 31, 2020 at 03:51:45PM +0200, Daniel Borkmann wrote:
>> Hi David,
>>
>> The following pull-request contains BPF updates for your *net* tree.
>>
>> We've added 5 non-merge commits during the last 21 day(s) which contain
>> a total of 5 files changed, 126 insertions(+), 18 deletions(-).
>>
>> The main changes are:
>>
>> 1) Fix a map element leak in HASH_OF_MAPS map type, from Andrii Nakryiko.
>>
>> 2) Fix a NULL pointer dereference in __btf_resolve_helper_id() when no
>> btf_vmlinux is available, from Peilin Ye.
>>
>> 3) Init pos variable in __bpfilter_process_sockopt(), from Christoph Hellwig.
>>
>> 4) Fix a cgroup sockopt verifier test by specifying expected attach type,
>> from Jean-Philippe Brucker.
>>
>> Please consider pulling these changes from:
>>
>> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
>>
>> Thanks a lot!
>>
>> Note that when net gets merged into net-next later on, there is a small
>> merge conflict in kernel/bpf/btf.c between commit 5b801dfb7feb ("bpf: Fix
>> NULL pointer dereference in __btf_resolve_helper_id()") from the bpf tree
>> and commit 138b9a0511c7 ("bpf: Remove btf_id helpers resolving") from the
>> net-next tree.
>>
>> Resolve as follows: remove the old hunk with the __btf_resolve_helper_id()
>> function. Change the btf_resolve_helper_id() so it actually tests for a
>> NULL btf_vmlinux and bails out:
>>
>> int btf_resolve_helper_id(struct bpf_verifier_log *log,
>> const struct bpf_func_proto *fn, int arg)
>> {
>> int id;
>>
>> if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID || !btf_vmlinux)
>> return -EINVAL;
>> id = fn->btf_id[arg];
>> if (!id || id > btf_vmlinux->nr_types)
>> return -EINVAL;
>> return id;
>> }
>>
>> Let me know if you run into any others issues (CC'ing Jiri Olsa so he's in
>> the loop with regards to merge conflict resolution).
>
> we'll loose the bpf_log message, but I'm fine with that ;-) looks good
Checking again on the fix, even though it was only triggered by syzkaller
so far, I think it's also possible if users don't have BTF debug data set
in the Kconfig but use a helper that expects it, so agree, lets re-add the
log in this case:
int btf_resolve_helper_id(struct bpf_verifier_log *log,
const struct bpf_func_proto *fn, int arg)
{
int id;
if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID)
return -EINVAL;
if (!btf_vmlinux) {
bpf_log(log, "btf_vmlinux doesn't exist\n");
return -EINVAL;
}
id = fn->btf_id[arg];
if (!id || id > btf_vmlinux->nr_types)
return -EINVAL;
return id;
}
Thanks,
Daniel
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: pull-request: bpf 2020-07-31
2020-07-31 16:12 ` Daniel Borkmann
@ 2020-07-31 18:08 ` Jiri Olsa
0 siblings, 0 replies; 5+ messages in thread
From: Jiri Olsa @ 2020-07-31 18:08 UTC (permalink / raw)
To: Daniel Borkmann; +Cc: davem, kuba, ast, jolsa, netdev, bpf
On Fri, Jul 31, 2020 at 06:12:48PM +0200, Daniel Borkmann wrote:
SNIP
> > > return -EINVAL;
> > > return id;
> > > }
> > >
> > > Let me know if you run into any others issues (CC'ing Jiri Olsa so he's in
> > > the loop with regards to merge conflict resolution).
> >
> > we'll loose the bpf_log message, but I'm fine with that ;-) looks good
>
> Checking again on the fix, even though it was only triggered by syzkaller
> so far, I think it's also possible if users don't have BTF debug data set
> in the Kconfig but use a helper that expects it, so agree, lets re-add the
> log in this case:
>
> int btf_resolve_helper_id(struct bpf_verifier_log *log,
> const struct bpf_func_proto *fn, int arg)
> {
> int id;
>
> if (fn->arg_type[arg] != ARG_PTR_TO_BTF_ID)
> return -EINVAL;
> if (!btf_vmlinux) {
> bpf_log(log, "btf_vmlinux doesn't exist\n");
> return -EINVAL;
> }
> id = fn->btf_id[arg];
> if (!id || id > btf_vmlinux->nr_types)
> return -EINVAL;
> return id;
> }
ok, looks good
jirka
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: pull-request: bpf 2020-07-31
2020-07-31 13:51 pull-request: bpf 2020-07-31 Daniel Borkmann
2020-07-31 15:24 ` Jiri Olsa
@ 2020-08-01 0:20 ` David Miller
1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2020-08-01 0:20 UTC (permalink / raw)
To: daniel; +Cc: kuba, ast, jolsa, netdev, bpf
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri, 31 Jul 2020 15:51:45 +0200
> The following pull-request contains BPF updates for your *net* tree.
>
> We've added 5 non-merge commits during the last 21 day(s) which contain
> a total of 5 files changed, 126 insertions(+), 18 deletions(-).
>
> The main changes are:
>
> 1) Fix a map element leak in HASH_OF_MAPS map type, from Andrii Nakryiko.
>
> 2) Fix a NULL pointer dereference in __btf_resolve_helper_id() when no
> btf_vmlinux is available, from Peilin Ye.
>
> 3) Init pos variable in __bpfilter_process_sockopt(), from Christoph Hellwig.
>
> 4) Fix a cgroup sockopt verifier test by specifying expected attach type,
> from Jean-Philippe Brucker.
>
> Please consider pulling these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
Pulled.
> Note that when net gets merged into net-next later on, there is a small
> merge conflict in kernel/bpf/btf.c between commit 5b801dfb7feb ("bpf: Fix
> NULL pointer dereference in __btf_resolve_helper_id()") from the bpf tree
> and commit 138b9a0511c7 ("bpf: Remove btf_id helpers resolving") from the
> net-next tree.
>
> Resolve as follows: remove the old hunk with the __btf_resolve_helper_id()
> function. Change the btf_resolve_helper_id() so it actually tests for a
> NULL btf_vmlinux and bails out:
...
Noted, thank you.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-08-01 0:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-31 13:51 pull-request: bpf 2020-07-31 Daniel Borkmann
2020-07-31 15:24 ` Jiri Olsa
2020-07-31 16:12 ` Daniel Borkmann
2020-07-31 18:08 ` Jiri Olsa
2020-08-01 0:20 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).