[linux] 24/29: bpf: avoid ABI change in 4.9.77.

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Jan 23 17:14:07 UTC 2018 

This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch stretch
in repository linux.

commit 1d8ee174658a4a10047c37cca7bf7cb11caad92d
Author: Yves-Alexis Perez <corsac at corsac.net>
Date:   Sat Jan 20 17:25:00 2018 +0100

    bpf: avoid ABI change in 4.9.77.
---
 debian/changelog                                   |   3 +-
 .../debian/bpf-avoid-abi-change-in-4.9.77.patch    | 122 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 3 files changed, 125 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index bdb6cc2..2a1814d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -794,7 +794,8 @@ linux (4.9.77-1) UNRELEASED; urgency=medium
   * debian/patches: drop patches included upstream:
     - bugfix/all/e1000e-fix-e1000_check_for_copper_link_ich8lan-return-value.patch
     - bugfix/all/kvm-fix-stack-out-of-bounds-read-in-write_mmio.patch
-  	- bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
+    - bugfix/all/bluetooth-prevent-stack-info-leak-from-the-efs-element.patch
+  * bpf: avoid ABI change in 4.9.77.
 
  -- Ben Hutchings <ben at decadent.org.uk>  Thu, 28 Dec 2017 02:16:23 +0000
 
diff --git a/debian/patches/debian/bpf-avoid-abi-change-in-4.9.77.patch b/debian/patches/debian/bpf-avoid-abi-change-in-4.9.77.patch
new file mode 100644
index 0000000..8b85bb4
--- /dev/null
+++ b/debian/patches/debian/bpf-avoid-abi-change-in-4.9.77.patch
@@ -0,0 +1,122 @@
+From: Yves-Alexis Perez <corsac at debian.org>
+Date: Sat, 20 Jan 2018 14:52:32 +0100
+Subject: bpf: Avoid ABI change in 4.9.77
+Forwarded: not-needed
+
+Commit a9bfac14cde2 "bpf: prevent out-of-bounds speculation" added one
+member each to struct bpf_map and struct bpf_array (which is
+effectively a sub-type of bpf_map).  Changing the size of struct
+bpf_array is an ABI change, since the array contents immediately
+follows the structure.  However, bpf_map::work is not used (or even
+initialised) until after the map's refcount drops to zero.  We can
+therefore move the new members into a union with it.
+
+Based on the patch against 4.14.14 by Ben Hutchings <ben at decadent.org.uk>
+
+---
+--- a/include/linux/bpf.h
++++ b/include/linux/bpf.h
+@@ -43,10 +43,20 @@ struct bpf_map {
+ 	u32 max_entries;
+ 	u32 map_flags;
+ 	u32 pages;
+-	bool unpriv_array;
++
+ 	struct user_struct *user;
+ 	const struct bpf_map_ops *ops;
++#ifdef __GENKSYMS__
+ 	struct work_struct work;
++#else
++	union {
++		struct work_struct work;
++		struct {
++			bool unpriv_array;
++			u32 index_mask;
++		};
++	};
++#endif
+ 	atomic_t usercnt;
+ };
+ 
+@@ -190,7 +200,6 @@ struct bpf_prog_aux {
+ struct bpf_array {
+ 	struct bpf_map map;
+ 	u32 elem_size;
+-	u32 index_mask;
+ 	/* 'ownership' of prog_array is claimed by the first program that
+ 	 * is going to use this map or by the first program which FD is stored
+ 	 * in the map to make sure that all callers and callees have the same
+--- a/kernel/bpf/arraymap.c
++++ b/kernel/bpf/arraymap.c
+@@ -99,7 +99,7 @@ static struct bpf_map *array_map_alloc(u
+ 	array = bpf_map_area_alloc(array_size);
+ 	if (!array)
+ 		return ERR_PTR(-ENOMEM);
+-	array->index_mask = index_mask;
++	array->map.index_mask = index_mask;
+ 	array->map.unpriv_array = unpriv;
+ 
+ 	/* copy mandatory map attributes */
+@@ -134,7 +134,7 @@ static void *array_map_lookup_elem(struc
+ 	if (unlikely(index >= array->map.max_entries))
+ 		return NULL;
+ 
+-	return array->value + array->elem_size * (index & array->index_mask);
++	return array->value + array->elem_size * (index & array->map.index_mask);
+ }
+ 
+ /* Called from eBPF program */
+@@ -146,7 +146,7 @@ static void *percpu_array_map_lookup_ele
+ 	if (unlikely(index >= array->map.max_entries))
+ 		return NULL;
+ 
+-	return this_cpu_ptr(array->pptrs[index & array->index_mask]);
++	return this_cpu_ptr(array->pptrs[index & array->map.index_mask]);
+ }
+ 
+ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
+@@ -166,7 +166,7 @@ int bpf_percpu_array_copy(struct bpf_map
+ 	 */
+ 	size = round_up(map->value_size, 8);
+ 	rcu_read_lock();
+-	pptr = array->pptrs[index & array->index_mask];
++	pptr = array->pptrs[index & array->map.index_mask];
+ 	for_each_possible_cpu(cpu) {
+ 		bpf_long_memcpy(value + off, per_cpu_ptr(pptr, cpu), size);
+ 		off += size;
+@@ -214,11 +214,11 @@ static int array_map_update_elem(struct
+ 		return -EEXIST;
+ 
+ 	if (array->map.map_type == BPF_MAP_TYPE_PERCPU_ARRAY)
+-		memcpy(this_cpu_ptr(array->pptrs[index & array->index_mask]),
++		memcpy(this_cpu_ptr(array->pptrs[index & array->map.index_mask]),
+ 		       value, map->value_size);
+ 	else
+ 		memcpy(array->value +
+-		       array->elem_size * (index & array->index_mask),
++		       array->elem_size * (index & array->map.index_mask),
+ 		       value, map->value_size);
+ 	return 0;
+ }
+@@ -252,7 +252,7 @@ int bpf_percpu_array_update(struct bpf_m
+ 	 */
+ 	size = round_up(map->value_size, 8);
+ 	rcu_read_lock();
+-	pptr = array->pptrs[index & array->index_mask];
++	pptr = array->pptrs[index & array->map.index_mask];
+ 	for_each_possible_cpu(cpu) {
+ 		bpf_long_memcpy(per_cpu_ptr(pptr, cpu), value + off, size);
+ 		off += size;
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -3414,9 +3414,7 @@ static int fixup_bpf_calls(struct bpf_ve
+ 			insn_buf[0] = BPF_JMP_IMM(BPF_JGE, BPF_REG_3,
+ 						  map_ptr->max_entries, 2);
+ 			insn_buf[1] = BPF_ALU32_IMM(BPF_AND, BPF_REG_3,
+-						    container_of(map_ptr,
+-								 struct bpf_array,
+-								 map)->index_mask);
++						    map_ptr->index_mask);
+ 			insn_buf[2] = *insn;
+ 			cnt = 3;
+ 			new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
diff --git a/debian/patches/series b/debian/patches/series
index a378de5..db05bd7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -188,3 +188,4 @@ debian/revert-mm-hugetlbfs-introduce-split-to-vm_operations.patch
 debian/revert-dma-fence-Introduce-drm_fence_set_error-helpe.patch
 debian/revert-lib-genalloc.c-make-the-avail-variable-an-ato.patch
 debian/revert-tcp-invalidate-rate-samples-during-SACK-reneg.patch
+debian/bpf-avoid-abi-change-in-4.9.77.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list