| Message ID | 20231006220655.1653-1-daniel@iogearbox.net (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | a4fe78386afb94780f8e6fcd10a67c4d4dfe4da8 |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf,1/7] bpf: Fix BPF_PROG_QUERY last field check | expand |
Hello: This series was applied to bpf/bpf.git (master) by Martin KaFai Lau <martin.lau@kernel.org>: On Sat, 7 Oct 2023 00:06:49 +0200 you wrote: > While working on the ebpf-go [0] library integration for bpf_mprog and tcx, > Lorenz noticed that two subsequent BPF_PROG_QUERY requests currently fail. A > typical workflow is to first gather the bpf_mprog count without passing program/ > link arrays, followed by the second request which contains the actual array > pointers. > > The initial call populates count and revision fields. The second call gets > rejected due to a BPF_PROG_QUERY_LAST_FIELD bug which should point to > query.revision instead of query.link_attach_flags since the former is really > the last member. > > [...] Here is the summary with links: - [bpf,1/7] bpf: Fix BPF_PROG_QUERY last field check https://git.kernel.org/bpf/bpf/c/a4fe78386afb - [bpf,2/7] bpf: Handle bpf_mprog_query with NULL entry https://git.kernel.org/bpf/bpf/c/edfa9af0a73e - [bpf,3/7] bpf: Refuse unused attributes in bpf_prog_{attach,detach} https://git.kernel.org/bpf/bpf/c/ba62d61128bd - [bpf,4/7] selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall https://git.kernel.org/bpf/bpf/c/f9b08790fa69 - [bpf,5/7] selftests/bpf: Adapt assert_mprog_count to always expect 0 count https://git.kernel.org/bpf/bpf/c/b77368269dda - [bpf,6/7] selftests/bpf: Test query on empty mprog and pass revision into attach https://git.kernel.org/bpf/bpf/c/685446b0629b - [bpf,7/7] selftests/bpf: Make seen_tc* variable tests more robust https://git.kernel.org/bpf/bpf/c/37345b8535b4 You are awesome, thank you!
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index eb01c31ed591..453a43695a23 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -3913,7 +3913,7 @@ static int bpf_prog_detach(const union bpf_attr *attr) return ret; } -#define BPF_PROG_QUERY_LAST_FIELD query.link_attach_flags +#define BPF_PROG_QUERY_LAST_FIELD query.revision static int bpf_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr)
While working on the ebpf-go [0] library integration for bpf_mprog and tcx, Lorenz noticed that two subsequent BPF_PROG_QUERY requests currently fail. A typical workflow is to first gather the bpf_mprog count without passing program/ link arrays, followed by the second request which contains the actual array pointers. The initial call populates count and revision fields. The second call gets rejected due to a BPF_PROG_QUERY_LAST_FIELD bug which should point to query.revision instead of query.link_attach_flags since the former is really the last member. It was not noticed in libbpf as bpf_prog_query_opts() always calls bpf(2) with an on-stack bpf_attr that is memset() each time (and therefore query.revision was reset to zero). [0] https://ebpf-go.dev Fixes: e420bed02507 ("bpf: Add fd-based tcx multi-prog infra with link support") Reported-by: Lorenz Bauer <lmb@isovalent.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> --- kernel/bpf/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)