| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241214203600.423120-1-daniel@iogearbox.net>
Date: Sat, 14 Dec 2024 21:36:00 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: torvalds@...ux-foundation.org
Cc: bpf@...r.kernel.org,
netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
alexei.starovoitov@...il.com,
andrii@...nel.org,
daniel@...earbox.net,
martin.lau@...nel.org
Subject: [GIT PULL] bpf for v6.13-rc3
Hi Linus,
The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:
Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/bpf-fixes
for you to fetch changes up to c83508da5620ef89232cb614fb9e02dfdfef2b8f:
bpf: Avoid deadlock caused by nested kprobe and fentry bpf programs (2024-12-14 09:49:27 -0800)
----------------------------------------------------------------
BPF fixes:
- Fix a bug in the BPF verifier to track changes to packet data
property for global functions (Eduard Zingerman)
- Fix a theoretical BPF prog_array use-after-free in RCU handling
of __uprobe_perf_func (Jann Horn)
- Fix BPF tracing to have an explicit list of tracepoints and
their arguments which need to be annotated as PTR_MAYBE_NULL
(Kumar Kartikeya Dwivedi)
- Fix a logic bug in the bpf_remove_insns code where a potential
error would have been wrongly propagated (Anton Protopopov)
- Avoid deadlock scenarios caused by nested kprobe and fentry
BPF programs (Priya Bala Govindasamy)
- Fix a bug in BPF verifier which was missing a size check for
BTF-based context access (Kumar Kartikeya Dwivedi)
- Fix a crash found by syzbot through an invalid BPF prog_array
access in perf_event_detach_bpf_prog (Jiri Olsa)
- Fix several BPF sockmap bugs including a race causing a
refcount imbalance upon element replace (Michal Luczaj)
- Fix a use-after-free from mismatching BPF program/attachment
RCU flavors (Jann Horn)
Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
----------------------------------------------------------------
Alexei Starovoitov (3):
Merge branch 'bpf-track-changes_pkt_data-property-for-global-functions'
Merge branch 'add-missing-size-check-for-btf-based-ctx-access'
Merge branch 'explicit-raw_tp-null-arguments'
Anton Protopopov (1):
bpf: fix potential error return
Eduard Zingerman (10):
bpf: add find_containing_subprog() utility function
bpf: refactor bpf_helper_changes_pkt_data to use helper number
bpf: track changes_pkt_data property for global functions
selftests/bpf: test for changing packet data from global functions
bpf: check changes_pkt_data property for extension programs
selftests/bpf: freplace tests for tracking of changes_packet_data
bpf: consider that tail calls invalidate packet pointers
selftests/bpf: validate that tail call invalidates packet pointers
bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs
selftests/bpf: extend changes_pkt_data with cases w/o subprograms
Jann Horn (2):
bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
bpf: Fix theoretical prog_array UAF in __uprobe_perf_func()
Jiri Olsa (1):
bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog
Kumar Kartikeya Dwivedi (5):
bpf: Check size for BTF-based ctx access of pointer members
selftests/bpf: Add test for narrow ctx load for pointer args
bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"
bpf: Augment raw_tp arguments with PTR_MAYBE_NULL
selftests/bpf: Add tests for raw_tp NULL args
Michal Luczaj (3):
bpf, sockmap: Fix update element with same
bpf, sockmap: Fix race between element replace and close()
selftests/bpf: Extend test for sockmap update with same
Priya Bala Govindasamy (1):
bpf: Avoid deadlock caused by nested kprobe and fentry bpf programs
include/linux/bpf.h | 20 +--
include/linux/bpf_verifier.h | 1 +
include/linux/filter.h | 2 +-
kernel/bpf/Makefile | 6 +
kernel/bpf/btf.c | 149 ++++++++++++++++++-
kernel/bpf/core.c | 8 +-
kernel/bpf/verifier.c | 160 ++++++++++-----------
kernel/trace/bpf_trace.c | 11 ++
kernel/trace/trace_uprobe.c | 6 +-
net/core/filter.c | 65 ++++-----
net/core/sock_map.c | 6 +-
.../selftests/bpf/prog_tests/changes_pkt_data.c | 107 ++++++++++++++
.../testing/selftests/bpf/prog_tests/raw_tp_null.c | 3 +
.../selftests/bpf/prog_tests/sockmap_basic.c | 8 +-
.../testing/selftests/bpf/progs/changes_pkt_data.c | 39 +++++
.../bpf/progs/changes_pkt_data_freplace.c | 18 +++
tools/testing/selftests/bpf/progs/raw_tp_null.c | 19 ++-
.../testing/selftests/bpf/progs/raw_tp_null_fail.c | 24 ++++
tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 2 +
.../selftests/bpf/progs/test_tp_btf_nullable.c | 6 +-
.../selftests/bpf/progs/verifier_btf_ctx_access.c | 40 +++++-
.../testing/selftests/bpf/progs/verifier_d_path.c | 4 +-
tools/testing/selftests/bpf/progs/verifier_sock.c | 56 ++++++++
23 files changed, 596 insertions(+), 164 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c
create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data.c
create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c
create mode 100644 tools/testing/selftests/bpf/progs/raw_tp_null_fail.c
Powered by blists - more mailing lists