microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/kernel/bpf
История
Jakub Sitnicki 11e8ecc5b8 bpf: Allow delete from sockmap/sockhash only if update is allowed 
[ Upstream commit 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d ]

We have seen an influx of syzkaller reports where a BPF program attached to
a tracepoint triggers a locking rule violation by performing a map_delete
on a sockmap/sockhash.

We don't intend to support this artificial use scenario. Extend the
existing verifier allowed-program-type check for updating sockmap/sockhash
to also cover deleting from a map.

From now on only BPF programs which were previously allowed to update
sockmap/sockhash can delete from these map types.

Fixes: ff9105993240 ("bpf, sockmap: Prevent lock inversion deadlock in map delete elem")
Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Reported-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com
Acked-by: John Fastabend <john.fastabend@gmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=ec941d6e24f633a59172
Link: https://lore.kernel.org/bpf/20240527-sockmap-verify-deletes-v1-1-944b372f2101@cloudflare.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-06-16 13:39:50 +02:00
..
preload libbpf: Move BPF_SEQ_PRINTF and BPF_SNPRINTF to bpf_helpers.h 2021-05-26 10:45:41 -07:00
Kconfig sock_map: Relax config dependency to CONFIG_NET 2021-07-15 18:17:49 -07:00
Makefile bpf: Enable task local storage for tracing programs 2021-02-26 11:51:47 -08:00
arraymap.c bpf: Add map and need_defer parameters to .map_fd_put_ptr() 2024-02-23 08:54:42 +01:00
bpf_inode_storage.c bpf: Fix spelling mistakes 2021-05-24 21:13:05 -07:00
bpf_iter.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
bpf_local_storage.c bpf: Annotate data races in bpf_local_storage 2023-05-24 17:36:44 +01:00
bpf_lru_list.c bpf: Address KCSAN report on bpf_lru_list 2024-03-01 13:21:55 +01:00
bpf_lru_list.h bpf: Address KCSAN report on bpf_lru_list 2024-03-01 13:21:55 +01:00
bpf_lsm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-06-17 11:54:56 -07:00
bpf_struct_ops.c bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog 2021-09-14 11:09:50 -07:00
bpf_struct_ops_types.h bpf: tcp: Support tcp_congestion_ops in bpf 2020-01-09 08:46:18 -08:00
bpf_task_storage.c bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy 2022-10-26 12:34:41 +02:00
btf.c bpf: Generalize check_ctx_reg for reuse with other types 2024-04-27 17:05:23 +02:00
cgroup.c bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen 2023-07-23 13:46:49 +02:00
core.c bpf: Detect IP == ksym.end as part of BPF program 2023-11-28 16:56:15 +00:00
cpumap.c xdp: Move conversion to xdp_frame out of map functions 2024-05-17 11:50:47 +02:00
devmap.c xdp: Move conversion to xdp_frame out of map functions 2024-05-17 11:50:47 +02:00
disasm.c bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
disasm.h bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
dispatcher.c bpf: Remove bpf_image tree 2020-03-13 12:49:52 -07:00
hashtab.c bpf: Fix hashtab overflow check on 32-bit arches 2024-03-26 18:21:22 -04:00
helpers.c bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly 2024-03-26 18:21:19 -04:00
inode.c bpf: Fix mount source show for bpffs 2022-01-27 11:05:26 +01:00
local_storage.c bpf: Increase supported cgroup storage value size 2021-07-27 15:59:29 -07:00
lpm_trie.c bpf, lpm: Fix check prefixlen before walking trie 2024-01-25 14:52:36 -08:00
map_in_map.c bpf: Defer the free of inner map when necessary 2024-03-26 18:21:12 -04:00
map_in_map.h bpf: Add map and need_defer parameters to .map_fd_put_ptr() 2024-02-23 08:54:42 +01:00
map_iter.c bpf: Introduce MEM_RDONLY flag 2022-05-01 17:22:24 +02:00
net_namespace.c bpf: Add support for forced LINK_DETACH command 2020-08-01 20:38:28 -07:00
offload.c bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD 2023-01-24 07:22:46 +01:00
percpu_freelist.c bpf: Initialize same number of free nodes for each pcpu_freelist 2022-11-26 09:24:38 +01:00
percpu_freelist.h bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI 2020-10-06 00:04:11 +02:00
prog_iter.c bpf: Refactor bpf_iter_reg to have separate seq_info member 2020-07-25 20:16:32 -07:00
queue_stack_maps.c bpf: Avoid deadlock when using queue and stack maps from NMI 2023-10-06 13:18:04 +02:00
reuseport_array.c bpf: Fix spelling mistakes 2021-05-24 21:13:05 -07:00
ringbuf.c bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem. 2022-05-01 17:22:26 +02:00
stackmap.c bpf: Fix stackmap overflow check on 32-bit arches 2024-03-26 18:21:22 -04:00
syscall.c bpf: Defer the free of inner map when necessary 2024-03-26 18:21:12 -04:00
sysfs_btf.c bpf: Load and verify kernel module BTFs 2020-11-10 15:25:53 -08:00
task_iter.c bpf: Consolidate task_struct BTF_ID declarations 2021-08-25 10:37:05 -07:00
tnum.c bpf, tnums: Provably sound, faster, and more precise algorithm for tnum_mul 2021-06-01 13:34:15 +02:00
trampoline.c bpf: Fix potential array overflow in bpf_trampoline_get_progs() 2022-06-06 08:43:42 +02:00
verifier.c bpf: Allow delete from sockmap/sockhash only if update is allowed 2024-06-16 13:39:50 +02:00