BPF fixes:

- Fix a mismatching RCU unlock flavor in bpf_out_neigh_v6 (Jiawei Ye) - Fix BPF sockmap with kTLS to reject vsock and unix sockets upon kTLS context retrieval (Zijian Zhang) - Fix BPF bits iterator selftest for s390x (Hou Tao) Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> -----BEGIN PGP SIGNATURE----- iIsEABYIADMWIQTFp0I1jqZrAX+hPRXbK58LschIgwUCZzQV0BUcZGFuaWVsQGlv Z2VhcmJveC5uZXQACgkQ2yufC7HISIPFywD9Fx9Qc7LdWGmRAmWTqGKSOVPTBC1L eC/uXop6sLqapP0A/1KsLQmntvXhp+gmxzPEBdwAwb7/DvyPCQV19FZ/sIkA =lDzI -----END PGP SIGNATURE----- Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf Pull bpf fixes from Daniel Borkmann: - Fix a mismatching RCU unlock flavor in bpf_out_neigh_v6 (Jiawei Ye) - Fix BPF sockmap with kTLS to reject vsock and unix sockets upon kTLS context retrieval (Zijian Zhang) - Fix BPF bits iterator selftest for s390x (Hou Tao) * tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx selftests/bpf: Use -4095 as the bad address for bits iterator
2024-12-04 01:24:12 +08:00 · 2024-11-13 09:14:19 -08:00 · 2024-11-13 09:14:19 -08:00 · 9f8e716d46
commit 9f8e716d46
parent c5f4045118 fb86c42a2a
3 changed files with 39 additions and 7 deletions
--- a/include/net/tls.h
+++ b/include/net/tls.h
@ -390,8 +390,12 @@ tls_offload_ctx_tx(const struct tls_context *tls_ctx)
 static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
 {
-	struct tls_context *ctx = tls_get_ctx(sk);
+	struct tls_context *ctx;
 	if (!sk_is_inet(sk) || !inet_test_bit(IS_ICSK, sk))
 		return false;
 	ctx = tls_get_ctx(sk);
 	if (!ctx)
 		return false;
 	return !!tls_sw_ctx_tx(ctx);
@ -399,8 +403,12 @@ static inline bool tls_sw_has_ctx_tx(const struct sock *sk)
 static inline bool tls_sw_has_ctx_rx(const struct sock *sk)
 {
-	struct tls_context *ctx = tls_get_ctx(sk);
+	struct tls_context *ctx;
 	if (!sk_is_inet(sk) || !inet_test_bit(IS_ICSK, sk))
 		return false;
 	ctx = tls_get_ctx(sk);
 	if (!ctx)
 		return false;
 	return !!tls_sw_ctx_rx(ctx);
--- a/net/core/filter.c
+++ b/net/core/filter.c
@ -2249,7 +2249,7 @@ static int bpf_out_neigh_v6(struct net *net, struct sk_buff *skb,
 		rcu_read_unlock();
 		return ret;
 	}
-	rcu_read_unlock_bh();
+	rcu_read_unlock();
 	if (dst)
 		IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
 out_drop:
--- a/tools/testing/selftests/bpf/progs/verifier_bits_iter.c
+++ b/tools/testing/selftests/bpf/progs/verifier_bits_iter.c
@ -57,9 +57,15 @@ __description("null pointer")
 __success __retval(0)
 int null_pointer(void)
 {
-	int nr = 0;
+	struct bpf_iter_bits iter;
 	int err, nr = 0;
 	int *bit;
 	err = bpf_iter_bits_new(&iter, NULL, 1);
 	bpf_iter_bits_destroy(&iter);
 	if (err != -EINVAL)
 		return 1;
 	bpf_for_each(bits, bit, NULL, 1)
 		nr++;
 	return nr;
@ -194,15 +200,33 @@ __description("bad words")
 __success __retval(0)
 int bad_words(void)
 {
-	void *bad_addr = (void *)(3UL << 30);
+	void *bad_addr = (void *)-4095;
-	int nr = 0;
+	struct bpf_iter_bits iter;
 	volatile int nr;
 	int *bit;
 	int err;
 	err = bpf_iter_bits_new(&iter, bad_addr, 1);
 	bpf_iter_bits_destroy(&iter);
 	if (err != -EFAULT)
 		return 1;
 	nr = 0;
 	bpf_for_each(bits, bit, bad_addr, 1)
 		nr++;
 	if (nr != 0)
 		return 2;
 	err = bpf_iter_bits_new(&iter, bad_addr, 4);
 	bpf_iter_bits_destroy(&iter);
 	if (err != -EFAULT)
 		return 3;
 	nr = 0;
 	bpf_for_each(bits, bit, bad_addr, 4)
 		nr++;
 	if (nr != 0)
 		return 4;
-	return nr;
+	return 0;
 }