Hi Greg,
On Mon, Jul 24, 2023 at 03:42:18PM GMT, Eduard Zingerman wrote:
[ Upstream commit be2ef8161572ec1973124ebc50f56dafc2925e07 ]
...
--- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
...
@@ -2670,6 +2679,11 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, */ if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0) return -ENOTSUPP;
/* BPF helpers that invoke callback subprogs are
* equivalent to BPF_PSEUDO_CALL above
*/
if (insn->src_reg == 0 && is_callback_calling_function(insn->imm))
return -ENOTSUPP; /* regular helper call sets R0 */ *reg_mask &= ~1; if (*reg_mask & 0x3f) {
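Review bot: the added condition `insn->src_reg == 0 && is_callback_calling_function(insn->imm)` tests against a bare 0, while the check before it uses the named BPF_PSEUDO_KFUNC_CALL and the new comment itself refers to BPF_PSEUDO_CALL. The comment could state that src_reg == 0 selects the regular helper call case (the one the following "regular helper call sets R0" comment is about), so the reader does not have to infer it from the order of the checks.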
Looks like the above hunk is slightly misplaced.
In master the lines are added _before_ the BPF_PSEUDO_KFUNC_CALL check, resulting in deviation from upstream as well as interfering with backporting of commit be2ef8161572 ("bpf: allow precision tracking for programs with subprogs") to stable v6.1.
What would be the suggested action here?
1. Send an updated version of the whole be2ef8161572 patch to stable
2. Send a minimal refresh patch like the one found in this email to stable
3. Adapt to this deviation in my backport of commit be2ef8161572 for stable
Shung-Hsi
...
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5d4510fb2be7..227dc10f6baa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2673,17 +2673,17 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, if (opcode == BPF_CALL) { if (insn->src_reg == BPF_PSEUDO_CALL) return -ENOTSUPP; + /* BPF helpers that invoke callback subprogs are + * equivalent to BPF_PSEUDO_CALL above + */ + if (insn->src_reg == 0 && is_callback_calling_function(insn->imm)) + return -ENOTSUPP; /* kfunc with imm==0 is invalid and fixup_kfunc_call will * catch this error later. Make backtracking conservative * with ENOTSUPP. */ if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0) return -ENOTSUPP; - /* BPF helpers that invoke callback subprogs are - * equivalent to BPF_PSEUDO_CALL above - */ - if (insn->src_reg == 0 && is_callback_calling_function(insn->imm)) - return -ENOTSUPP; /* regular helper call sets R0 */ *reg_mask &= ~1; if (*reg_mask & 0x3f) {
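Review bot: the changelog for this refresh should say explicitly that it makes no functional change. The is_callback_calling_function() block is only moved above the `insn->src_reg == BPF_PSEUDO_KFUNC_CALL && insn->imm == 0` check, and both branches return -ENOTSUPP, so the result of backtrack_insn() is the same for every call insn shown here. It should also name the reason for the move (matching the ordering in master so that be2ef8161572 applies cleanly to stable), otherwise stable reviewers will look for a bug fix that is not there. The move does have one readability benefit worth mentioning: the comment "equivalent to BPF_PSEUDO_CALL above" now sits directly under the BPF_PSEUDO_CALL check it refers to.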