Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

extern const struct bpf_func_proto bpf_btf_find_by_name_kind_proto;

extern const struct bpf_func_proto bpf_sk_setsockopt_proto;

extern const struct bpf_func_proto bpf_sk_getsockopt_proto;

extern const struct bpf_func_proto bpf_sk_setsockopt_nodelay_proto;

extern const struct bpf_func_proto bpf_unlocked_sk_setsockopt_proto;

extern const struct bpf_func_proto bpf_unlocked_sk_getsockopt_proto;

extern const struct bpf_func_proto bpf_find_vma_proto;

{

	struct bpf_arena *arena = container_of(map, struct bpf_arena, map);

	if ((u64)off > arena->user_vm_end - arena->user_vm_start)

	if ((u64)off >= arena->user_vm_end - arena->user_vm_start)

		return -ERANGE;

	*imm = (unsigned long)arena->user_vm_start;

	return 0;

		return -ENOMEM;

	}

	instance = call_instance(env, NULL, 0, 0);

	if (IS_ERR(instance)) {

		err = PTR_ERR(instance);

		goto out;

	}

	err = analyze_subprog(env, NULL, info, instance, callsites);

	if (err)

		goto out;

	/*

	 * Subprogs and callbacks that don't receive FP-derived arguments

	 * cannot access ancestor stack frames, so they were skipped during

	 * the recursive walk above.  Async callbacks (timer, workqueue) are

	 * also not reachable from the main program's call graph.  Analyze

	 * all unvisited subprogs as independent roots at depth 0.

	 * Analyze every subprog in reverse topological order (callers

	 * before callees) so that each subprog is analyzed before its

	 * callees, allowing the recursive walk inside analyze_subprog()

	 * to naturally reach callees that receive FP-derived args.

	 *

	 * Use reverse topological order (callers before callees) so that

	 * each subprog is analyzed before its callees, allowing the

	 * recursive walk inside analyze_subprog() to naturally

	 * reach nested callees that also lack FP-derived args.

	 * Subprogs and callbacks that don't receive FP-derived arguments

	 * cannot access ancestor stack frames are analyzed independently.

	 * Async callbacks (timer, workqueue) are handled the same way.

	 */

	for (k = env->subprog_cnt - 1; k >= 0; k--) {

		int sub = env->subprog_topo_order[k];

		struct bpf_map *map;

		smap = rcu_dereference(SDATA(selem)->smap);

		if (!(smap->map.map_flags & BPF_F_CLONE))

		if (!smap || !(smap->map.map_flags & BPF_F_CLONE))

			continue;

		/* Note that for lockless listeners adding new element

}

EXPORT_SYMBOL_GPL(bpf_sk_storage_diag_alloc);

static int diag_get(struct bpf_local_storage_data *sdata, struct sk_buff *skb)

static int diag_get(struct bpf_local_storage_map *smap,

		    struct bpf_local_storage_data *sdata, struct sk_buff *skb)

{

	struct nlattr *nla_stg, *nla_value;

	struct bpf_local_storage_map *smap;

	/* It cannot exceed max nlattr's payload */

	BUILD_BUG_ON(U16_MAX - NLA_HDRLEN < BPF_LOCAL_STORAGE_MAX_VALUE_SIZE);

	if (!nla_stg)

		return -EMSGSIZE;

	smap = rcu_dereference(sdata->smap);

	if (nla_put_u32(skb, SK_DIAG_BPF_STORAGE_MAP_ID, smap->map.id))

		goto errout;

				      sdata->data, true);

	else

		copy_map_value(&smap->map, nla_data(nla_value), sdata->data);

	check_and_init_map_value(&smap->map, nla_data(nla_value));

	nla_nest_end(skb, nla_stg);

	return 0;

	saved_len = skb->len;

	hlist_for_each_entry_rcu(selem, &sk_storage->list, snode) {

		smap = rcu_dereference(SDATA(selem)->smap);

		if (!smap)

			continue;

		diag_size += nla_value_size(smap->map.value_size);

		if (nla_stgs && diag_get(SDATA(selem), skb))

		if (nla_stgs && diag_get(smap, SDATA(selem), skb))

			/* Continue to learn diag_size */

			err = -EMSGSIZE;

	}

		diag_size += nla_value_size(diag->maps[i]->value_size);

		if (nla_stgs && diag_get(sdata, skb))

		if (nla_stgs && diag_get((struct bpf_local_storage_map *)diag->maps[i], sdata, skb))

			/* Continue to learn diag_size */

			err = -EMSGSIZE;

	}

	return err;

}

static void sk_reuseport_prog_free_rcu(struct rcu_head *rcu)

{

	struct bpf_prog_aux *aux = container_of(rcu, struct bpf_prog_aux, rcu);

	struct bpf_prog *prog = aux->prog;

	bpf_release_orig_filter(prog);

	bpf_prog_free(prog);

}

void sk_reuseport_prog_free(struct bpf_prog *prog)

{

	if (!prog)

		return;

	if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT)

		bpf_prog_put(prog);

	if (bpf_prog_was_classic(prog))

		call_rcu(&prog->aux->rcu, sk_reuseport_prog_free_rcu);

	else

		bpf_prog_destroy(prog);

		bpf_prog_put(prog);

}

static inline int __bpf_try_make_writable(struct sk_buff *skb,

			   char *optval, int *optlen,

			   bool getopt)

{

	if (sk->sk_protocol != IPPROTO_TCP)

	if (!sk_is_tcp(sk))

		return -EINVAL;

	switch (optname) {

	.arg5_type	= ARG_CONST_SIZE,

};

BPF_CALL_5(bpf_sk_setsockopt_nodelay, struct sock *, sk, int, level,

	   int, optname, char *, optval, int, optlen)

{

	/*

	 * TCP_NODELAY triggers tcp_push_pending_frames() and re-enters

	 * CA_EVENT_TX_START in bpf_tcp_cc.

	 */

	if (level == SOL_TCP && optname == TCP_NODELAY)

		return -EOPNOTSUPP;

	return _bpf_setsockopt(sk, level, optname, optval, optlen);

}

const struct bpf_func_proto bpf_sk_setsockopt_nodelay_proto = {

	.func		= bpf_sk_setsockopt_nodelay,

	.gpl_only	= false,

	.ret_type	= RET_INTEGER,

	.arg1_type	= ARG_PTR_TO_BTF_ID_SOCK_COMMON,

	.arg2_type	= ARG_ANYTHING,

	.arg3_type	= ARG_ANYTHING,

	.arg4_type	= ARG_PTR_TO_MEM | MEM_RDONLY,

	.arg5_type	= ARG_CONST_SIZE,

};

BPF_CALL_5(bpf_unlocked_sk_setsockopt, struct sock *, sk, int, level,

	   int, optname, char *, optval, int, optlen)

{

	if (!is_locked_tcp_sock_ops(bpf_sock))

		return -EOPNOTSUPP;

	/* TCP_NODELAY triggers tcp_push_pending_frames() and re-enters these callbacks. */

	if ((bpf_sock->op == BPF_SOCK_OPS_HDR_OPT_LEN_CB ||

	     bpf_sock->op == BPF_SOCK_OPS_WRITE_HDR_OPT_CB) &&

	    level == SOL_TCP && optname == TCP_NODELAY)

		return -EOPNOTSUPP;

	return _bpf_setsockopt(bpf_sock->sk, level, optname, optval, optlen);

}

		 * against MTU of FIB lookup resulting net_device

		 */

		dev = dev_get_by_index_rcu(net, params->ifindex);

		if (unlikely(!dev))

			return -ENODEV;

		if (!is_skb_forwardable(dev, skb))

			rc = BPF_FIB_LKUP_RET_FRAG_NEEDED;

BPF_CALL_1(bpf_tcp_sock, struct sock *, sk)

{

	if (sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP)

	if (sk_fullsock(sk) && sk_is_tcp(sk))

		return (unsigned long)sk;

	return (unsigned long)NULL;

	 */

	BTF_TYPE_EMIT(struct tcp6_sock);

	if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP &&

	    sk->sk_family == AF_INET6)

	    sk->sk_type == SOCK_STREAM && sk->sk_family == AF_INET6)

		return (unsigned long)sk;

	return (unsigned long)NULL;

BPF_CALL_1(bpf_skc_to_tcp_sock, struct sock *, sk)

{

	if (sk && sk_fullsock(sk) && sk->sk_protocol == IPPROTO_TCP)

	if (sk && sk_fullsock(sk) && sk_is_tcp(sk))

		return (unsigned long)sk;

	return (unsigned long)NULL;