From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, "Simon Sundberg" <simon.sundberg@kau.se>,
"Toke Høiland-Jørgensen" <toke@redhat.com>,
"Alexei Starovoitov" <ast@kernel.org>
Subject: [PATCH 5.18 09/11] bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs
Date: Thu, 23 Jun 2022 18:45:21 +0200 [thread overview]
Message-ID: <20220623164322.585696427@linuxfoundation.org> (raw)
In-Reply-To: <20220623164322.315085512@linuxfoundation.org>
From: Toke Høiland-Jørgensen <toke@redhat.com>
commit f858c2b2ca04fc7ead291821a793638ae120c11d upstream.
The verifier allows programs to call global functions as long as their
argument types match, using BTF to check the function arguments. One of the
allowed argument types to such global functions is PTR_TO_CTX; however the
check for this fails on BPF_PROG_TYPE_EXT functions because the verifier
uses the wrong type to fetch the vmlinux BTF ID for the program context
type. This failure is seen when an XDP program is loaded using
libxdp (which loads it as BPF_PROG_TYPE_EXT and attaches it to a global XDP
type program).
Fix the issue by passing in the target program type instead of the
BPF_PROG_TYPE_EXT type to bpf_prog_get_ctx() when checking function
argument compatibility.
The first Fixes tag refers to the latest commit that touched the code in
question, while the second one points to the code that first introduced
the global function call verification.
v2:
- Use resolve_prog_type()
Fixes: 3363bd0cfbb8 ("bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support")
Fixes: 51c39bb1d5d1 ("bpf: Introduce function-by-function verification")
Reported-by: Simon Sundberg <simon.sundberg@kau.se>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/r/20220606075253.28422-1-toke@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
[ backport: resolve conflict due to kptr series missing ]
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/btf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -5769,6 +5769,7 @@ static int btf_check_func_arg_match(stru
struct bpf_reg_state *regs,
bool ptr_to_mem_ok)
{
+ enum bpf_prog_type prog_type = resolve_prog_type(env->prog);
struct bpf_verifier_log *log = &env->log;
u32 i, nargs, ref_id, ref_obj_id = 0;
bool is_kfunc = btf_is_kernel(btf);
@@ -5834,8 +5835,7 @@ static int btf_check_func_arg_match(stru
if (ret < 0)
return ret;
- if (btf_get_prog_ctx_type(log, btf, t,
- env->prog->type, i)) {
+ if (btf_get_prog_ctx_type(log, btf, t, prog_type, i)) {
/* If function expects ctx type in BTF check that caller
* is passing PTR_TO_CTX.
*/
next prev parent reply other threads:[~2022-06-23 18:24 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-23 16:45 [PATCH 5.18 00/11] 5.18.7-rc1 review Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 01/11] s390/mm: use non-quiescing sske for KVM switch to keyed guest Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 02/11] zonefs: fix zonefs_iomap_begin() for reads Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 03/11] wifi: rtlwifi: remove always-true condition pointed out by GCC 12 Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 04/11] eth: sun: cassini: remove dead code Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 05/11] net: wwan: iosm: remove pointless null check Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 06/11] x86/boot: Wrap literal addresses in absolute_pointer() Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 07/11] fsnotify: introduce mark type iterator Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 08/11] fsnotify: consistent behavior for parent not watching children Greg Kroah-Hartman
2022-06-23 16:45 ` Greg Kroah-Hartman [this message]
2022-06-23 16:45 ` [PATCH 5.18 10/11] selftests/bpf: Add selftest for calling global functions from freplace Greg Kroah-Hartman
2022-06-23 16:45 ` [PATCH 5.18 11/11] dt-bindings: nvmem: sfp: Add clock properties Greg Kroah-Hartman
2022-06-23 20:33 ` [PATCH 5.18 00/11] 5.18.7-rc1 review Florian Fainelli
2022-06-23 23:31 ` Zan Aziz
2022-06-24 0:51 ` Shuah Khan
2022-06-24 7:30 ` Ron Economos
2022-06-24 9:25 ` Bagas Sanjaya
2022-06-24 10:39 ` Sudip Mukherjee
2022-06-24 16:07 ` Rudi Heitbaum
2022-06-24 16:38 ` Justin Forbes
2022-06-24 23:36 ` Guenter Roeck
2022-06-25 13:24 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220623164322.585696427@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ast@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=simon.sundberg@kau.se \
--cc=stable@vger.kernel.org \
--cc=toke@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).