Message-ID: <20241214203600.423120-1-daniel@iogearbox.net>
Date: Sat, 14 Dec 2024 21:36:00 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: torvalds@...ux-foundation.org
Cc: bpf@...r.kernel.org,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	alexei.starovoitov@...il.com,
	andrii@...nel.org,
	daniel@...earbox.net,
	martin.lau@...nel.org
Subject: [GIT PULL] bpf for v6.13-rc3

Hi Linus,

The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:

  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/bpf-fixes

for you to fetch changes up to c83508da5620ef89232cb614fb9e02dfdfef2b8f:

  bpf: Avoid deadlock caused by nested kprobe and fentry bpf programs (2024-12-14 09:49:27 -0800)

----------------------------------------------------------------
BPF fixes:

- Fix a bug in the BPF verifier to track changes to packet data
  property for global functions (Eduard Zingerman)

- Fix a theoretical BPF prog_array use-after-free in RCU handling
  of __uprobe_perf_func (Jann Horn)

- Fix BPF tracing to have an explicit list of tracepoints and
  their arguments which need to be annotated as PTR_MAYBE_NULL
  (Kumar Kartikeya Dwivedi)

- Fix a logic bug in the bpf_remove_insns code where a potential
  error would have been wrongly propagated (Anton Protopopov)

- Avoid deadlock scenarios caused by nested kprobe and fentry
  BPF programs (Priya Bala Govindasamy)

- Fix a bug in BPF verifier which was missing a size check for
  BTF-based context access (Kumar Kartikeya Dwivedi)

- Fix a crash found by syzbot through an invalid BPF prog_array
  access in perf_event_detach_bpf_prog (Jiri Olsa)

- Fix several BPF sockmap bugs including a race causing a
  refcount imbalance upon element replace (Michal Luczaj)

- Fix a use-after-free from mismatching BPF program/attachment
  RCU flavors (Jann Horn)

Signed-off-by: Daniel Borkmann <daniel@...earbox.net>

----------------------------------------------------------------
Alexei Starovoitov (3):
      Merge branch 'bpf-track-changes_pkt_data-property-for-global-functions'
      Merge branch 'add-missing-size-check-for-btf-based-ctx-access'
      Merge branch 'explicit-raw_tp-null-arguments'

Anton Protopopov (1):
      bpf: fix potential error return

Eduard Zingerman (10):
      bpf: add find_containing_subprog() utility function
      bpf: refactor bpf_helper_changes_pkt_data to use helper number
      bpf: track changes_pkt_data property for global functions
      selftests/bpf: test for changing packet data from global functions
      bpf: check changes_pkt_data property for extension programs
      selftests/bpf: freplace tests for tracking of changes_packet_data
      bpf: consider that tail calls invalidate packet pointers
      selftests/bpf: validate that tail call invalidates packet pointers
      bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs
      selftests/bpf: extend changes_pkt_data with cases w/o subprograms

Jann Horn (2):
      bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
      bpf: Fix theoretical prog_array UAF in __uprobe_perf_func()

Jiri Olsa (1):
      bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog

Kumar Kartikeya Dwivedi (5):
      bpf: Check size for BTF-based ctx access of pointer members
      selftests/bpf: Add test for narrow ctx load for pointer args
      bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"
      bpf: Augment raw_tp arguments with PTR_MAYBE_NULL
      selftests/bpf: Add tests for raw_tp NULL args

Michal Luczaj (3):
      bpf, sockmap: Fix update element with same
      bpf, sockmap: Fix race between element replace and close()
      selftests/bpf: Extend test for sockmap update with same

Priya Bala Govindasamy (1):
      bpf: Avoid deadlock caused by nested kprobe and fentry bpf programs

 include/linux/bpf.h                                |  20 +--
 include/linux/bpf_verifier.h                       |   1 +
 include/linux/filter.h                             |   2 +-
 kernel/bpf/Makefile                                |   6 +
 kernel/bpf/btf.c                                   | 149 ++++++++++++++++++-
 kernel/bpf/core.c                                  |   8 +-
 kernel/bpf/verifier.c                              | 160 ++++++++++-----------
 kernel/trace/bpf_trace.c                           |  11 ++
 kernel/trace/trace_uprobe.c                        |   6 +-
 net/core/filter.c                                  |  65 ++++-----
 net/core/sock_map.c                                |   6 +-
 .../selftests/bpf/prog_tests/changes_pkt_data.c    | 107 ++++++++++++++
 .../testing/selftests/bpf/prog_tests/raw_tp_null.c |   3 +
 .../selftests/bpf/prog_tests/sockmap_basic.c       |   8 +-
 .../testing/selftests/bpf/progs/changes_pkt_data.c |  39 +++++
 .../bpf/progs/changes_pkt_data_freplace.c          |  18 +++
 tools/testing/selftests/bpf/progs/raw_tp_null.c    |  19 ++-
 .../testing/selftests/bpf/progs/raw_tp_null_fail.c |  24 ++++
 tools/testing/selftests/bpf/progs/tc_bpf2bpf.c     |   2 +
 .../selftests/bpf/progs/test_tp_btf_nullable.c     |   6 +-
 .../selftests/bpf/progs/verifier_btf_ctx_access.c  |  40 +++++-
 .../testing/selftests/bpf/progs/verifier_d_path.c  |   4 +-
 tools/testing/selftests/bpf/progs/verifier_sock.c  |  56 ++++++++
 23 files changed, 596 insertions(+), 164 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c
 create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data.c
 create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c
 create mode 100644 tools/testing/selftests/bpf/progs/raw_tp_null_fail.c
