android_kernel_samsung_sm8650/kernel
Jiri Olsa ec46fe0ac7 UPSTREAM: bpf: Fix prog_array_map_poke_run map poke update
commit 4b7de801606e504e69689df71475d27e35336fb3 upstream.

Lee pointed out an issue found by syzkaller [0] hitting a BUG in the prog array
map poke update in the prog_array_map_poke_run function due to an error value
returned from the bpf_arch_text_poke function.

There's a race window where bpf_arch_text_poke can fail due to missing
bpf program kallsym symbols, which is accounted for with a check for
-EINVAL in that BUG_ON call.

The problem is that in such a case we won't update the tail call jump,
which causes an imbalance for the next tail call update check, which will
fail with -EBUSY in bpf_arch_text_poke.

I'm hitting the following race during the program load:

  CPU 0                             CPU 1

  bpf_prog_load
    bpf_check
      do_misc_fixups
        prog_array_map_poke_track

                                    map_update_elem
                                      bpf_fd_array_map_update_elem
                                        prog_array_map_poke_run

                                          bpf_arch_text_poke returns -EINVAL

    bpf_prog_kallsyms_add

After bpf_arch_text_poke (CPU 1) fails to update the tail call jump, the next
poke update fails on expected jump instruction check in bpf_arch_text_poke
with -EBUSY and triggers the BUG_ON in prog_array_map_poke_run.

A similar race exists on the program unload.

Fixing this by moving the update to the bpf_arch_poke_desc_update function, which
makes sure we call __bpf_arch_text_poke, which skips the bpf address check.

Each architecture has a slightly different approach wrt looking up the bpf address
in bpf_arch_text_poke, so instead of splitting the function or adding a new
'checkip' argument as in the previous version, it seems best to move the whole
map_poke_run update into arch specific code.

  [0] https://syzkaller.appspot.com/bug?extid=97a4fe20470e9bc30810

Bug: 309551558
Fixes: ebf7d1f508 ("bpf, x64: rework pro/epilogue and tailcall handling in JIT")
Reported-by: syzbot+97a4fe20470e9bc30810@syzkaller.appspotmail.com
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Cc: Lee Jones <lee@kernel.org>
Cc: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Link: https://lore.kernel.org/bpf/20231206083041.1306660-2-jolsa@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57a6b0a464)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I251c3da579e5d48cd7de4043913fd42d0671d6b5
2024-01-08 17:00:17 +00:00
bpf UPSTREAM: bpf: Fix prog_array_map_poke_run map poke update 2024-01-08 17:00:17 +00:00
cgroup Merge branch 'android14-6.1' into branch 'android14-6.1-lts' 2023-10-31 17:20:05 +00:00
configs Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
debug mm: remove vmacache 2022-09-26 19:46:18 -07:00
dma ANDROID: Export functions to be used with dma_map_ops in modules 2024-01-03 20:45:29 +00:00
entry entry/rcu: Check TIF_RESCHED _after_ delayed RCU wake-up 2023-03-30 12:49:13 +02:00
events Merge 6.1.45 into android14-6.1-lts 2023-09-13 19:32:45 +00:00
futex ANDROID: vendor_hooks: Add hooks for futex 2023-05-11 05:22:29 +00:00
gcov gcov: add support for checksum field 2022-12-31 13:33:11 +01:00
irq Merge 6.1.31 into android14-6.1-lts 2023-06-13 20:43:51 +00:00
kcsan kcsan: Don't expect 64 bits atomic builtins from 32 bits architectures 2023-07-19 16:21:37 +02:00
livepatch Livepatching changes for 6.1 2022-10-10 11:36:19 -07:00
locking ANDROID: vendor_hooks: Add hooks for rt_mutex steal 2023-12-25 15:22:46 +08:00
module Merge 6.1.52 into android14-6.1-lts 2023-09-18 09:55:23 +00:00
power UPSTREAM: PM: hibernate: Fix copying the zero bitmap to safe pages 2023-11-27 17:04:26 +00:00
printk Merge 6.1.55 into android14-6.1-lts 2023-10-26 18:58:32 +00:00
rcu rcuscale: Move rcu_scale_writer() schedule_timeout_uninterruptible() to _idle() 2023-09-23 11:11:00 +02:00
sched ANDROID: sched: Export symbols for vendor modules 2024-01-05 18:06:32 +00:00
time This is the 6.1.53 stable release 2023-09-18 09:57:37 +00:00
trace This is the 6.1.57 stable release 2023-11-02 07:05:54 +00:00
.gitignore ANDROID: add more gki_module headers to .gitignore file 2023-06-09 13:11:58 +00:00
acct.c acct: fix potential integer overflow in encode_comp_t() 2022-12-31 13:32:58 +01:00
async.c Revert "module, async: async_synchronize_full() on module init iff async is used" 2022-02-03 11:20:34 -08:00
audit_fsnotify.c audit: fix potential double free on error path from fsnotify_add_inode_mark 2022-08-22 18:50:06 -04:00
audit_tree.c audit: use fsnotify group lock helpers 2022-04-25 14:37:28 +02:00
audit_watch.c audit_init_parent(): constify path 2022-09-01 17:39:30 -04:00
audit.c audit: use time_after to compare time 2022-08-29 19:47:03 -04:00
audit.h audit: remove selinux_audit_rule_update() declaration 2022-09-07 11:30:15 -04:00
auditfilter.c
auditsc.c audit: fix possible soft lockup in __audit_inode_child() 2023-09-13 09:42:42 +02:00
backtracetest.c
bounds.c mm: multi-gen LRU: minimal implementation 2022-09-26 19:46:09 -07:00
capability.c xfs: don't generate selinux audit messages for capability testing 2022-03-09 10:32:06 -08:00
cfi.c cfi: Switch to -fsanitize=kcfi 2022-09-26 10:13:13 -07:00
compat.c sched_getaffinity: don't assume 'cpumask_size()' is fully initialized 2023-04-06 12:10:40 +02:00
configs.c
context_tracking.c context_tracking: Fix noinstr vs KASAN 2023-03-10 09:33:45 +01:00
cpu_pm.c context_tracking: Take IRQ eqs entrypoints over RCU 2022-07-05 13:32:59 -07:00
cpu.c cpu/hotplug: Prevent self deadlock on CPU hot-unplug 2023-09-13 09:43:00 +02:00
crash_core.c vmcoreinfo: add kallsyms_num_syms symbol 2022-08-28 14:02:44 -07:00
crash_dump.c
cred.c ANDROID: kernel: Add restricted vendor hook in creds 2023-04-18 19:28:00 +00:00
delayacct.c delayacct: support re-entrance detection of thrashing accounting 2022-09-26 19:46:07 -07:00
dma.c
exec_domain.c
exit.c ANDROID: vendor_hooks: Add hooks for waking up and exiting control 2023-08-25 18:32:06 +00:00
extable.c context_tracking: Take NMI eqs entrypoints over RCU 2022-07-05 13:32:59 -07:00
fail_function.c kernel/fail_function: fix memory leak with using debugfs_lookup() 2023-03-11 13:55:39 +01:00
fork.c BACKPORT: FROMGIT fork: use __mt_dup() to duplicate maple tree in dup_mmap() 2024-01-04 22:44:38 +00:00
freezer.c FROMGIT: freezer,sched: clean saved_state when restoring it during thaw 2023-11-29 20:08:28 +00:00
gen_kheaders.sh FROMLIST: kheaders: dereferences the source tree 2023-06-23 09:09:00 +00:00
groups.c security: Add LSM hook to setgroups() syscall 2022-07-15 18:21:49 +00:00
hung_task.c ANDROID: hung_task: Add vendor hook for hung task detect 2023-01-30 11:14:35 +08:00
iomem.c
irq_work.c Linux 5.18-rc3 2022-04-18 08:32:59 +02:00
jump_label.c jump_label: make initial NOP patching the special case 2022-06-24 09:48:55 +02:00
kallsyms_internal.h kallsyms: Improve the performance of kallsyms_lookup_name() 2023-07-27 08:50:39 +02:00
kallsyms.c kallsyms: Fix kallsyms_selftest failure 2023-09-02 09:16:19 +02:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt Revert "signal, x86: Delay calling signals in atomic on RT enabled kernels" 2022-03-31 10:36:55 +02:00
kcov.c UPSTREAM: mm: replace vma->vm_flags direct modifications with modifier calls 2023-06-07 14:24:57 +00:00
kexec_core.c kexec: fix a memory leak in crash_shrink_memory() 2023-07-19 16:21:08 +02:00
kexec_elf.c
kexec_file.c kexec: support purgatories with .text.hot sections 2023-06-21 16:00:55 +02:00
kexec_internal.h panic, kexec: make __crash_kexec() NMI safe 2022-09-11 21:55:06 -07:00
kexec.c panic, kexec: make __crash_kexec() NMI safe 2022-09-11 21:55:06 -07:00
kheaders.c kheaders: Use array declaration instead of char 2023-05-11 23:03:02 +09:00
kmod.c
kprobes.c kprobes: Prohibit probing on CFI preamble symbol 2023-09-13 09:42:23 +02:00
ksysfs.c kexec: turn all kexec_mutex acquisitions into trylocks 2022-09-11 21:55:06 -07:00
kthread.c Merge 493ffd6605 ("Merge tag 'ucount-rlimits-cleanups-for-v5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace") into android-mainline 2022-10-12 09:37:52 +02:00
latencytop.c latencytop: use the last element of latency_record of system 2022-09-11 21:55:12 -07:00
Makefile cfi: Fix CFI failure with KASAN 2022-12-31 13:33:08 +01:00
module_signature.c
notifier.c notifier: Add blocking/atomic_notifier_chain_register_unique_prio() 2022-05-19 19:30:30 +02:00
nsproxy.c Revert "fs/exec: allow to unshare a time namespace on vfork+exec" 2022-09-13 10:38:43 -07:00
padata.c padata: Fix list iterator in padata_do_serial() 2022-12-31 13:32:34 +01:00
panic.c panic: Reenable preemption in WARN slowpath 2023-09-23 11:11:09 +02:00
params.c
pid_namespace.c rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes() 2023-03-10 09:32:52 +01:00
pid.c Merge 041bc24d86 ("Merge tag 'pci-v6.1-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci") into android-mainline 2022-10-25 14:52:46 +02:00
profile.c Revert "exit: Remove profile_task_exit & profile_munmap" 2023-03-09 23:13:08 +00:00
ptrace.c freezer,sched: Rewrite core freezer logic 2022-09-07 21:53:50 +02:00
range.c
reboot.c Merge f848b3cda3 ("Merge tag 'pm-6.1-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm") into android-mainline 2022-10-19 17:54:04 +02:00
regset.c
relay.c UPSTREAM: relayfs: fix out-of-bounds access in relay_file_read 2023-07-04 08:29:35 +01:00
resource_kunit.c
resource.c Revert "PCI: Allow drivers to request exclusive config regions" 2023-10-12 12:05:39 +00:00
rseq.c rseq: Use pr_warn_once() when deprecated/unknown ABI flags are encountered 2022-11-14 09:58:32 +01:00
scftorture.c scftorture: Forgive memory-allocation failure if KASAN 2023-09-23 11:11:00 +02:00
scs.c UPSTREAM: scs: add support for dynamic shadow call stacks 2023-05-25 15:37:14 -07:00
seccomp.c seccomp: Add wait_killable semantic to seccomp user notifier 2022-05-03 14:11:58 -07:00
signal.c Merge tag 'android14-6.1.43_r00' into android14-6.1 2023-10-26 17:34:36 +00:00
smp.c bitmap patches for v6.1-rc1 2022-10-10 12:49:34 -07:00
smpboot.c smpboot: use atomic_try_cmpxchg in cpu_wait_death and cpu_report_death 2022-09-11 21:55:10 -07:00
smpboot.h
softirq.c ANDROID: softirq: Add EXPORT_SYMBOL_GPL for softirq and tasklet 2023-11-13 06:49:41 +00:00
stackleak.c stackleak: add on/off stack variants 2022-05-08 01:33:09 -07:00
stacktrace.c Merge ed4643521e ("Merge tag 'arm-dt-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc") into android-mainline 2022-04-05 08:12:56 +02:00
static_call_inline.c static_call: Don't make __static_call_return0 static 2022-04-05 09:59:38 +02:00
static_call.c static_call: Don't make __static_call_return0 static 2022-04-05 09:59:38 +02:00
stop_machine.c ANDROID: sched: allow access to critical common code for CPU Pause 2022-09-21 00:09:57 +00:00
sys_ni.c kernel/sys_ni: add compat entry for fadvise64_64 2022-08-20 15:17:45 -07:00
sys.c Merge b1644a0031 ("drm/rockchip: vop2: Use regcache_sync() to fix suspend/resume") into android14-6.1 2023-05-16 14:19:59 +00:00
sysctl-test.c kernel/sysctl-test: use SYSCTL_{ZERO/ONE_HUNDRED} instead of i_{zero/one_hundred} 2022-09-08 16:56:45 -07:00
sysctl.c proc: proc_skip_spaces() shouldn't think it is working on C strings 2022-12-05 12:09:06 -08:00
task_work.c task_work: use try_cmpxchg in task_work_add, task_work_cancel_match and task_work_run 2022-09-11 21:55:10 -07:00
taskstats.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
torture.c torture: Fix hang during kthread shutdown phase 2023-03-10 09:34:07 +01:00
tracepoint.c Merge d4013bc4d4 ("Merge tag 'bitmap-6.1-rc1' of https://github.com/norov/linux") into android-mainline 2022-10-19 13:22:10 +02:00
tsacct.c taskstats: version 12 with thread group and exe info 2022-04-29 14:38:03 -07:00
ucount.c ucounts: Split rlimit and ucount values and max values 2022-05-18 18:24:57 -05:00
uid16.c
uid16.h
umh.c freezer,umh: Fix call_usermode_helper_exec() vs SIGKILL 2023-02-22 12:59:50 +01:00
up.c
user_namespace.c ucounts: Split rlimit and ucount values and max values 2022-10-09 16:24:05 -07:00
user-return-notifier.c
user.c ANDROID: export find_user() & free_uid()for GKI purpose. 2023-05-11 05:22:29 +00:00
usermode_driver.c blob_to_mnt(): kern_unmount() is needed to undo kern_mount() 2022-05-19 23:25:47 -04:00
utsname_sysctl.c kernel/utsname_sysctl.c: Fix hostname polling 2022-10-23 12:01:01 -07:00
utsname.c
watch_queue.c watch_queue: prevent dangling pipe pointer 2023-07-19 16:22:10 +02:00
watchdog_hld.c watchdog/perf: more properly prevent false positives with turbo modes 2023-07-19 16:21:08 +02:00
watchdog.c ANDROID: softlockup: add vendor hook for a softlockup task 2023-03-13 20:34:25 +00:00
workqueue_internal.h
workqueue.c Merge 6.1.40 into android14-6.1-lts 2023-09-05 16:35:01 +00:00