1. 15 Dec, 2020 36 commits
  2. 14 Dec, 2020 4 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 7bca5021
      Jakub Kicinski authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      1) Missing dependencies in NFT_BRIDGE_REJECT, from Randy Dunlap.
      
      2) Use atomic_inc_return() instead of atomic_add_return() in IPVS,
         from Yejune Deng.
      
      3) Simplify check for overquota in xt_nfacct, from Kaixu Xia.
      
      4) Move nfnl_acct_list away from struct net, from Miao Wang.
      
      5) Pass actual sk in reject actions, from Jan Engelhardt.
      
      6) Add timeout and protoinfo to ctnetlink destroy events,
         from Florian Westphal.
      
      7) Four patches to generalize set infrastructure to support
         multiple expressions per set element.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next:
        netfilter: nftables: netlink support for several set element expressions
        netfilter: nftables: generalize set extension to support for several expressions
        netfilter: nftables: move nft_expr before nft_set
        netfilter: nftables: generalize set expressions support
        netfilter: ctnetlink: add timeout and protoinfo to destroy events
        netfilter: use actual socket sk for REJECT action
        netfilter: nfnl_acct: remove data from struct net
        netfilter: Remove unnecessary conversion to bool
        ipvs: replace atomic_add_return()
        netfilter: nft_reject_bridge: fix build errors due to code movement
      ====================
      
      Link: https://lore.kernel.org/r/20201212230513.3465-1-pablo@netfilter.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · a6b5e026
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2020-12-14
      
      1) Expose bpf_sk_storage_*() helpers to iterator programs, from Florent Revest.
      
      2) Add AF_XDP selftests based on veth devs to BPF selftests, from Weqaar Janjua.
      
      3) Support for finding BTF based kernel attach targets through libbpf's
         bpf_program__set_attach_target() API, from Andrii Nakryiko.
      
      4) Permit pointers on stack for helper calls in the verifier, from Yonghong Song.
      
      5) Fix overflows in hash map elem size after rlimit removal, from Eric Dumazet.
      
      6) Get rid of direct invocation of llc in BPF selftests, from Andrew Delgadillo.
      
      7) Fix xsk_recvmsg() to reorder socket state check before access, from Björn Töpel.
      
      8) Add new libbpf API helper to retrieve ring buffer epoll fd, from Brendan Jackman.
      
      9) Batch of minor BPF selftest improvements all over the place, from Florian Lehner,
         KP Singh, Jiri Olsa and various others.
      
      * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (31 commits)
        selftests/bpf: Add a test for ptr_to_map_value on stack for helper access
        bpf: Permits pointers on stack for helper calls
        libbpf: Expose libbpf ring_buffer epoll_fd
        selftests/bpf: Add set_attach_target() API selftest for module target
        libbpf: Support modules in bpf_program__set_attach_target() API
        selftests/bpf: Silence ima_setup.sh when not running in verbose mode.
        selftests/bpf: Drop the need for LLVM's llc
        selftests/bpf: fix bpf_testmod.ko recompilation logic
        samples/bpf: Fix possible hang in xdpsock with multiple threads
        selftests/bpf: Make selftest compilation work on clang 11
        selftests/bpf: Xsk selftests - adding xdpxceiver to .gitignore
        selftests/bpf: Drop tcp-{client,server}.py from Makefile
        selftests/bpf: Xsk selftests - Bi-directional Sockets - SKB, DRV
        selftests/bpf: Xsk selftests - Socket Teardown - SKB, DRV
        selftests/bpf: Xsk selftests - DRV POLL, NOPOLL
        selftests/bpf: Xsk selftests - SKB POLL, NOPOLL
        selftests/bpf: Xsk selftests framework
        bpf: Only provide bpf_sock_from_file with CONFIG_NET
        bpf: Return -ENOTSUPP when attaching to non-kernel BTF
        xsk: Validate socket state in xsk_recvmsg, prior touching socket members
        ...
      ====================
      
      Link: https://lore.kernel.org/r/20201214214316.20642-1-daniel@iogearbox.net
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • selftests/bpf: Add a test for ptr_to_map_value on stack for helper access · b4b638c3
      Yonghong Song authored
      Change bpf_iter_task.c such that pointer to map_value may appear
      on the stack for bpf_seq_printf() to access. Without the previous
      verifier patch, the bpf_iter test will fail.
      Signed-off-by: Yonghong Song <yhs@fb.com>
      Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
      Acked-by: Song Liu <songliubraving@fb.com>
      Link: https://lore.kernel.org/bpf/20201210013350.943985-1-yhs@fb.com
    • bpf: Permits pointers on stack for helper calls · cd17d38f
      Yonghong Song authored
      Currently, when checking stack memory accessed by helper calls,
      for spills, only PTR_TO_BTF_ID and SCALAR_VALUE are
      allowed.
      
      Song discovered an issue where the below bpf program
        int dump_task(struct bpf_iter__task *ctx)
        {
          struct seq_file *seq = ctx->meta->seq;
          static char info[] = "abc";
          BPF_SEQ_PRINTF(seq, "%s\n", info);
          return 0;
        }
      may cause a verifier failure.
      
      The verifier output looks like:
        ; struct seq_file *seq = ctx->meta->seq;
        1: (79) r1 = *(u64 *)(r1 +0)
        ; BPF_SEQ_PRINTF(seq, "%s\n", info);
        2: (18) r2 = 0xffff9054400f6000
        4: (7b) *(u64 *)(r10 -8) = r2
        5: (bf) r4 = r10
        ;
        6: (07) r4 += -8
        ; BPF_SEQ_PRINTF(seq, "%s\n", info);
        7: (18) r2 = 0xffff9054400fe000
        9: (b4) w3 = 4
        10: (b4) w5 = 8
        11: (85) call bpf_seq_printf#126
         R1_w=ptr_seq_file(id=0,off=0,imm=0) R2_w=map_value(id=0,off=0,ks=4,vs=4,imm=0)
        R3_w=inv4 R4_w=fp-8 R5_w=inv8 R10=fp0 fp-8_w=map_value
        last_idx 11 first_idx 0
        regs=8 stack=0 before 10: (b4) w5 = 8
        regs=8 stack=0 before 9: (b4) w3 = 4
        invalid indirect read from stack off -8+0 size 8
      
      Basically, the verifier complains about the map_value pointer at the "fp-8" location.
      To fix the issue, if env->allow_ptr_leaks is true, let us also permit
      pointers on the stack to be accessible by the helper.
      Reported-by: Song Liu <songliubraving@fb.com>
      Suggested-by: Alexei Starovoitov <ast@kernel.org>
      Signed-off-by: Yonghong Song <yhs@fb.com>
      Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
      Acked-by: Song Liu <songliubraving@fb.com>
      Link: https://lore.kernel.org/bpf/20201210013349.943719-1-yhs@fb.com