From: Greg KH <gregkh@linuxfoundation.org>
To: Rafael David Tinoco <rafaeldtinoco@gmail.com>,
Lee Jones <lee.jones@linaro.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
stable@vger.kernel.org
Subject: Re: FAILED: patch "[PATCH] bpf: Fix toctou on read-only map's constant scalar tracking" failed to apply to 5.4-stable tree
Date: Sat, 5 Mar 2022 14:50:46 +0100 [thread overview]
Message-ID: <YiNqtoeFno9LxaRF@kroah.com> (raw)
In-Reply-To: <577A5957-B1ED-41D8-A17C-227E15C23925@gmail.com>
On Tue, Mar 01, 2022 at 07:04:40PM -0300, Rafael David Tinoco wrote:
>
> >> The bad-commit mentioned in "the Fixes tag":
> >> Fixes: a23740ec43ba ("bpf: Track contents of read-only maps as scalars")
> >> Which as you say, could well have been fixing another issue.
> >> In fact, yes it was:
> >> https://lore.kernel.org/stable/20210821203108.215937-2-rafaeldtinoco@gmail.com/
> >> Daniel, what do you suggest please?
> >
> > Hm, okay, so a23740ec43ba ("bpf: Track contents of read-only maps as scalars") was
> > backported to 5.4.144 given Rafael needed it to fix a failing regression test [0].
> >
> > Normally, I would have said that we should just revert a23740ec43ba given it was
> > not a 'fix' in the first place, but then we are getting into a situation where it
> > would break Rafael's now functioning test case again on 5.4.144+ released kernels.
> >
>
> IIRC, Without this patch, eBPF programs with extern variables, either from ksyms
> or kconfig relocations, done by libbpf, used as branch conditions, won't work in
> <= 5.4.144.
>
> Something like:
>
> extern u32 CONFIG_ARCH_HAS_SYSCALL_WRAPPER __kconfig;
> ...
> if (CONFIG_ARCH_HAS_SYSCALL_WRAPPER) {
> valid BTF type declared/used
> } else {
> <dead code>: invalid BTF type declared/used
> }
> ...
>
> The dead code is always evaluated and object load does not pass the verifier.
>
> The workaround to mitigate this is to always rely in type/field existence checks
> for the branch conditions, instead of relying in kconfig/ksyms relocations.
>
> We've been doing this to support same CO-RE BPF obj in kernels < 5.4 so I guess
> we could continue doing this for 5.4 as well (allowing you to drop this "fix").
>
> Sorry for the burden (about having to introduce another fix, needed because of
> that patch). I hope nobody else is relying on it and, if they are, there is a
> mitigation described above.
>
> So, feel free to drop it if it's easier for 5.4 maintenance, I'll mitigate
> code on our side.
Thanks for the info.
Lee, can you make up a revert patch for 5.4 with the above information
in it so that I can queue it up?
thanks,
greg k-h
next prev parent reply other threads:[~2022-03-05 13:50 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-22 10:33 FAILED: patch "[PATCH] bpf: Fix toctou on read-only map's constant scalar tracking" failed to apply to 5.4-stable tree gregkh
2022-02-17 15:57 ` Lee Jones
2022-02-17 16:17 ` Greg KH
2022-02-17 17:05 ` Lee Jones
2022-02-21 9:52 ` Lee Jones
2022-02-21 10:24 ` Greg KH
2022-02-21 10:44 ` Lee Jones
2022-03-01 21:23 ` Daniel Borkmann
2022-03-01 22:04 ` Rafael David Tinoco
2022-03-05 13:50 ` Greg KH [this message]
2022-03-07 8:38 ` Lee Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YiNqtoeFno9LxaRF@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=lee.jones@linaro.org \
--cc=rafaeldtinoco@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.