Patch "bpf: adjust insn_aux_data when patching insns" has been added to the 4.9-stable tree

All of lore.kernel.org
 help / color / mirror / Atom feed

From: <gregkh@linuxfoundation.org>
To: daniel@iogearbox.net, ast@fb.com, ast@kernel.org,
	davem@davemloft.net, gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "bpf: adjust insn_aux_data when patching insns" has been added to the 4.9-stable tree
Date: Fri, 22 Dec 2017 16:58:01 +0100	[thread overview]
Message-ID: <151395828124190@kroah.com> (raw)
In-Reply-To: <20171222152905.3455-2-daniel@iogearbox.net>


This is a note to let you know that I've just added the patch titled

    bpf: adjust insn_aux_data when patching insns

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-adjust-insn_aux_data-when-patching-insns.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From foo@baz Fri Dec 22 16:57:35 CET 2017
From: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri, 22 Dec 2017 16:29:02 +0100
Subject: bpf: adjust insn_aux_data when patching insns
To: gregkh@linuxfoundation.org
Cc: ast@kernel.org, daniel@iogearbox.net, jannh@google.com, stable@vger.kernel.org, Alexei Starovoitov <ast@fb.com>, "David S . Miller" <davem@davemloft.net>
Message-ID: <20171222152905.3455-2-daniel@iogearbox.net>

From: Daniel Borkmann <daniel@iogearbox.net>


From: Alexei Starovoitov <ast@fb.com>

[ Upstream commit 8041902dae5299c1f194ba42d14383f734631009 ]

convert_ctx_accesses() replaces single bpf instruction with a set of
instructions. Adjust corresponding insn_aux_data while patching.
It's needed to make sure subsequent 'for(all insn)' loops
have matching insn and insn_aux_data.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/verifier.c |   44 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3210,6 +3210,41 @@ static void convert_pseudo_ld_imm64(stru
 			insn->src_reg = 0;
 }
 
+/* single env->prog->insni[off] instruction was replaced with the range
+ * insni[off, off + cnt).  Adjust corresponding insn_aux_data by copying
+ * [0, off) and [off, end) to new locations, so the patched range stays zero
+ */
+static int adjust_insn_aux_data(struct bpf_verifier_env *env, u32 prog_len,
+				u32 off, u32 cnt)
+{
+	struct bpf_insn_aux_data *new_data, *old_data = env->insn_aux_data;
+
+	if (cnt == 1)
+		return 0;
+	new_data = vzalloc(sizeof(struct bpf_insn_aux_data) * prog_len);
+	if (!new_data)
+		return -ENOMEM;
+	memcpy(new_data, old_data, sizeof(struct bpf_insn_aux_data) * off);
+	memcpy(new_data + off + cnt - 1, old_data + off,
+	       sizeof(struct bpf_insn_aux_data) * (prog_len - off - cnt + 1));
+	env->insn_aux_data = new_data;
+	vfree(old_data);
+	return 0;
+}
+
+static struct bpf_prog *bpf_patch_insn_data(struct bpf_verifier_env *env, u32 off,
+					    const struct bpf_insn *patch, u32 len)
+{
+	struct bpf_prog *new_prog;
+
+	new_prog = bpf_patch_insn_single(env->prog, off, patch, len);
+	if (!new_prog)
+		return NULL;
+	if (adjust_insn_aux_data(env, new_prog->len, off, len))
+		return NULL;
+	return new_prog;
+}
+
 /* convert load instructions that access fields of 'struct __sk_buff'
  * into sequence of instructions that access fields of 'struct sk_buff'
  */
@@ -3229,10 +3264,10 @@ static int convert_ctx_accesses(struct b
 			verbose("bpf verifier is misconfigured\n");
 			return -EINVAL;
 		} else if (cnt) {
-			new_prog = bpf_patch_insn_single(env->prog, 0,
-							 insn_buf, cnt);
+			new_prog = bpf_patch_insn_data(env, 0, insn_buf, cnt);
 			if (!new_prog)
 				return -ENOMEM;
+
 			env->prog = new_prog;
 			delta += cnt - 1;
 		}
@@ -3253,7 +3288,7 @@ static int convert_ctx_accesses(struct b
 		else
 			continue;
 
-		if (env->insn_aux_data[i].ptr_type != PTR_TO_CTX)
+		if (env->insn_aux_data[i + delta].ptr_type != PTR_TO_CTX)
 			continue;
 
 		cnt = ops->convert_ctx_access(type, insn->dst_reg, insn->src_reg,
@@ -3263,8 +3298,7 @@ static int convert_ctx_accesses(struct b
 			return -EINVAL;
 		}
 
-		new_prog = bpf_patch_insn_single(env->prog, i + delta, insn_buf,
-						 cnt);
+		new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
 		if (!new_prog)
 			return -ENOMEM;
 


Patches currently in stable-queue which might be from daniel@iogearbox.net are

queue-4.9/bpf-fix-branch-pruning-logic.patch
queue-4.9/bpf-adjust-insn_aux_data-when-patching-insns.patch
queue-4.9/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch
queue-4.9/bpf-reject-out-of-bounds-stack-pointer-calculation.patch

next prev parent reply	other threads:[~2017-12-22 15:58 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-22 15:29 [PATCH stable/4.9 0/4] BPF stable patches for 4.9 Daniel Borkmann
2017-12-22 15:29 ` [PATCH stable/4.9 1/4] bpf: adjust insn_aux_data when patching insns Daniel Borkmann
2017-12-22 15:58   ` gregkh [this message]
2017-12-22 15:29 ` [PATCH stable/4.9 2/4] bpf: fix branch pruning logic Daniel Borkmann
2017-12-22 15:58   ` Patch "bpf: fix branch pruning logic" has been added to the 4.9-stable tree gregkh
2017-12-22 15:29 ` [PATCH stable/4.9 3/4] bpf: reject out-of-bounds stack pointer calculation Daniel Borkmann
2017-12-22 15:58   ` Patch "bpf: reject out-of-bounds stack pointer calculation" has been added to the 4.9-stable tree gregkh
2017-12-22 15:29 ` [PATCH stable/4.9 4/4] bpf: fix incorrect sign extension in check_alu_op() Daniel Borkmann
2017-12-22 15:58   ` Patch "bpf: fix incorrect sign extension in check_alu_op()" has been added to the 4.9-stable tree gregkh
2017-12-22 16:04 ` [PATCH stable/4.9 0/4] BPF stable patches for 4.9 Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=151395828124190@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=ast@fb.com \
    --cc=ast@kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=stable-commits@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.