Commit eb71ab2b authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 

Pull bpf fixes from Alexei Starovoitov:

 - Fix alignment of arm64 JIT buffer to prevent atomic tearing (Fuad
   Tabba)

 - Fix invariant violation for single value tnums in the verifier
   (Harishankar Vishwanathan, Paul Chaignon)

 - Fix a bunch of issues found by ASAN in selftests/bpf (Ihor Solodrai)

 - Fix race in devmpa and cpumap on PREEMPT_RT (Jiayuan Chen)

 - Fix show_fdinfo of kprobe_multi when cookies are not present (Jiri
   Olsa)

 - Fix race in freeing special fields in BPF maps to prevent memory
   leaks (Kumar Kartikeya Dwivedi)

 - Fix OOB read in dmabuf_collector (T.J. Mercier)

* tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: (36 commits)
  selftests/bpf: Avoid simplification of crafted bounds test
  selftests/bpf: Test refinement of single-value tnum
  bpf: Improve bounds when tnum has a single possible value
  bpf: Introduce tnum_step to step through tnum's members
  bpf: Fix race in devmap on PREEMPT_RT
  bpf: Fix race in cpumap on PREEMPT_RT
  selftests/bpf: Add tests for special fields races
  bpf: Retire rcu_trace_implies_rcu_gp() from local storage
  bpf: Delay freeing fields in local storage
  bpf: Lose const-ness of map in map_check_btf()
  bpf: Register dtor for freeing special fields
  selftests/bpf: Fix OOB read in dmabuf_collector
  selftests/bpf: Fix a memory leak in xdp_flowtable test
  bpf: Fix stack-out-of-bounds write in devmap
  bpf: Fix kprobe_multi cookies access in show_fdinfo callback
  bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing
  selftests/bpf: Don't override SIGSEGV handler with ASAN
  selftests/bpf: Check BPFTOOL env var in detect_bpftool_path()
  selftests/bpf: Fix out-of-bounds array access bugs reported by ASAN
  selftests/bpf: Fix array bounds warning in jit_disasm_helpers
  ...
parents 63a43faf b9c0a5c4

arch/arm64/net/bpf_jit_comp.c

+1 −1
Original line number Diff line number Diff line
@@ -2119,7 +2119,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) 
	extable_offset = round_up(prog_size + PLT_TARGET_SIZE, extable_align);

	image_size = extable_offset + extable_size;

	ro_header = bpf_jit_binary_pack_alloc(image_size, &ro_image_ptr,

					      sizeof(u32), &header, &image_ptr,

					      sizeof(u64), &header, &image_ptr,

					      jit_fill_hole);

	if (!ro_header) {

		prog = orig_prog;

include/linux/bpf.h

+2 −2
Original line number Diff line number Diff line
@@ -124,7 +124,7 @@ struct bpf_map_ops { 
	u32 (*map_fd_sys_lookup_elem)(void *ptr);

	void (*map_seq_show_elem)(struct bpf_map *map, void *key,

				  struct seq_file *m);

	int (*map_check_btf)(const struct bpf_map *map,

	int (*map_check_btf)(struct bpf_map *map,

			     const struct btf *btf,

			     const struct btf_type *key_type,

			     const struct btf_type *value_type);
@@ -656,7 +656,7 @@ static inline bool bpf_map_support_seq_show(const struct bpf_map *map) 
		map->ops->map_seq_show_elem;

}



int map_check_no_btf(const struct bpf_map *map,

int map_check_no_btf(struct bpf_map *map,

		     const struct btf *btf,

		     const struct btf_type *key_type,

		     const struct btf_type *value_type);

include/linux/bpf_local_storage.h

+1 −1
Original line number Diff line number Diff line
@@ -176,7 +176,7 @@ u32 bpf_local_storage_destroy(struct bpf_local_storage *local_storage); 
void bpf_local_storage_map_free(struct bpf_map *map,

				struct bpf_local_storage_cache *cache);



int bpf_local_storage_map_check_btf(const struct bpf_map *map,

int bpf_local_storage_map_check_btf(struct bpf_map *map,

				    const struct btf *btf,

				    const struct btf_type *key_type,

				    const struct btf_type *value_type);

include/linux/bpf_mem_alloc.h

+6 −0
Original line number Diff line number Diff line
@@ -14,6 +14,8 @@ struct bpf_mem_alloc { 
	struct obj_cgroup *objcg;

	bool percpu;

	struct work_struct work;

	void (*dtor_ctx_free)(void *ctx);

	void *dtor_ctx;

};



/* 'size != 0' is for bpf_mem_alloc which manages fixed-size objects.
@@ -32,6 +34,10 @@ int bpf_mem_alloc_percpu_init(struct bpf_mem_alloc *ma, struct obj_cgroup *objcg 
/* The percpu allocation with a specific unit size. */

int bpf_mem_alloc_percpu_unit_init(struct bpf_mem_alloc *ma, int size);

void bpf_mem_alloc_destroy(struct bpf_mem_alloc *ma);

void bpf_mem_alloc_set_dtor(struct bpf_mem_alloc *ma,

			    void (*dtor)(void *obj, void *ctx),

			    void (*dtor_ctx_free)(void *ctx),

			    void *ctx);



/* Check the allocation size for kmalloc equivalent allocator */

int bpf_mem_alloc_check_size(bool percpu, size_t size);

include/linux/tnum.h

+3 −0
Original line number Diff line number Diff line
@@ -131,4 +131,7 @@ static inline bool tnum_subreg_is_const(struct tnum a) 
	return !(tnum_subreg(a)).mask;

}



/* Returns the smallest member of t larger than z */

u64 tnum_step(struct tnum t, u64 z);



#endif /* _LINUX_TNUM_H */