diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2017-10-31 16:24:20 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2017-10-31 16:24:20 -0400 |
commit | 461ab5caa575cfbf472f0dff40d0e13e0b1c942a (patch) | |
tree | ad6153dd7a0290b426b8c2ec1ae2b4236d61769f | |
parent | 7eb9572b2534672aa06291b5e26f8468158ce3e7 (diff) | |
download | longterm-queue-4.8-461ab5caa575cfbf472f0dff40d0e13e0b1c942a.tar.gz |
bpf: remove patch for file not present in 4.8.x kernel
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/bpf-improve-verifier-packet-range-checks.patch | 82 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 0 insertions, 83 deletions
diff --git a/queue/bpf-improve-verifier-packet-range-checks.patch b/queue/bpf-improve-verifier-packet-range-checks.patch deleted file mode 100644 index bbcdc2a..0000000 --- a/queue/bpf-improve-verifier-packet-range-checks.patch +++ /dev/null @@ -1,82 +0,0 @@ -From b1977682a3858b5584ffea7cfb7bd863f68db18d Mon Sep 17 00:00:00 2001 -From: Alexei Starovoitov <ast@fb.com> -Date: Fri, 24 Mar 2017 15:57:33 -0700 -Subject: [PATCH] bpf: improve verifier packet range checks - -commit b1977682a3858b5584ffea7cfb7bd863f68db18d upstream. - -llvm can optimize the 'if (ptr > data_end)' checks to be in the order -slightly different than the original C code which will confuse verifier. -Like: -if (ptr + 16 > data_end) - return TC_ACT_SHOT; -// may be followed by -if (ptr + 14 > data_end) - return TC_ACT_SHOT; -while llvm can see that 'ptr' is valid for all 16 bytes, -the verifier could not. -Fix verifier logic to account for such case and add a test. - -Reported-by: Huapeng Zhou <hzhou@fb.com> -Fixes: 969bf05eb3ce ("bpf: direct packet access") -Signed-off-by: Alexei Starovoitov <ast@kernel.org> -Acked-by: Daniel Borkmann <daniel@iogearbox.net> -Acked-by: Martin KaFai Lau <kafai@fb.com> -Signed-off-by: David S. Miller <davem@davemloft.net> - -diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c -index 796b68d00119..5e6202e62265 100644 ---- a/kernel/bpf/verifier.c -+++ b/kernel/bpf/verifier.c -@@ -1973,14 +1973,15 @@ static void find_good_pkt_pointers(struct bpf_verifier_state *state, - - for (i = 0; i < MAX_BPF_REG; i++) - if (regs[i].type == PTR_TO_PACKET && regs[i].id == dst_reg->id) -- regs[i].range = dst_reg->off; -+ /* keep the maximum range already checked */ -+ regs[i].range = max(regs[i].range, dst_reg->off); - - for (i = 0; i < MAX_BPF_STACK; i += BPF_REG_SIZE) { - if (state->stack_slot_type[i] != STACK_SPILL) - continue; - reg = &state->spilled_regs[i / BPF_REG_SIZE]; - if (reg->type == PTR_TO_PACKET && reg->id == dst_reg->id) -- reg->range = dst_reg->off; -+ reg->range = max(reg->range, dst_reg->off); - } - } - -diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c -index d1555e4240c0..7d761d4cc759 100644 ---- a/tools/testing/selftests/bpf/test_verifier.c -+++ b/tools/testing/selftests/bpf/test_verifier.c -@@ -3418,6 +3418,26 @@ static struct bpf_test tests[] = { - .prog_type = BPF_PROG_TYPE_LWT_XMIT, - }, - { -+ "overlapping checks for direct packet access", -+ .insns = { -+ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, -+ offsetof(struct __sk_buff, data)), -+ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, -+ offsetof(struct __sk_buff, data_end)), -+ BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), -+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), -+ BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4), -+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_2), -+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6), -+ BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1), -+ BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6), -+ BPF_MOV64_IMM(BPF_REG_0, 0), -+ BPF_EXIT_INSN(), -+ }, -+ .result = ACCEPT, -+ .prog_type = BPF_PROG_TYPE_LWT_XMIT, -+ }, -+ { - "invalid access of tc_classid for LWT_IN", - .insns = { - BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, --- -2.12.0 - diff --git a/queue/series b/queue/series index b07a53e..2e1361e 100644 --- a/queue/series +++ b/queue/series @@ -19,7 +19,6 @@ sparc64-Fix-kernel-panic-due-to-erroneous-ifdef-surr.patch net-neigh-guard-against-NULL-solicit-method.patch net-phy-handle-state-correctly-in-phy_stop_machine.patch kcm-return-immediately-after-copy_from_user-failure.patch -bpf-improve-verifier-packet-range-checks.patch l2tp-purge-socket-queues-in-the-.destruct-callback.patch net-packet-fix-overflow-in-check-for-tp_frame_nr.patch net-packet-fix-overflow-in-check-for-tp_reserve.patch |