releases/5.6.14/bpf-enforce-returning-0-for-fentry-fexit-progs.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From e92888c72fbdc6f9d07b3b0604c012e81d7c0da7 Mon Sep 17 00:00:00 2001
 From: Yonghong Song <yhs@fb.com>
 Date: Wed, 13 May 2020 22:32:05 -0700
 Subject: bpf: Enforce returning 0 for fentry/fexit progs

 From: Yonghong Song <yhs@fb.com>

 commit e92888c72fbdc6f9d07b3b0604c012e81d7c0da7 upstream.

 Currently, tracing/fentry and tracing/fexit prog
 return values are not enforced. In trampoline codes,
 the fentry/fexit prog return values are ignored.
 Let us enforce it to be 0 to avoid confusion and
 allows potential future extension.

 This patch also explicitly added return value
 checking for tracing/raw_tp, tracing/fmod_ret,
 and freplace programs such that these program
 return values can be anything. The purpose are
 two folds:
  1. to make it explicit about return value expectations
     for these programs in verifier.
  2. for tracing prog_type, if a future attach type
     is added, the default is -ENOTSUPP which will
     enforce to specify return value ranges explicitly.

 Fixes: fec56f5890d9 ("bpf: Introduce BPF trampoline")
 Signed-off-by: Yonghong Song <yhs@fb.com>
 Signed-off-by: Alexei Starovoitov <ast@kernel.org>
 Acked-by: Andrii Nakryiko <andriin@fb.com>
 Link: https://lore.kernel.org/bpf/20200514053206.1298415-1-yhs@fb.com
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  kernel/bpf/verifier.c |   16 ++++++++++++++++
  1 file changed, 16 insertions(+)

 --- a/kernel/bpf/verifier.c
 +++ b/kernel/bpf/verifier.c
 @@ -6498,6 +6498,22 @@ static int check_return_code(struct bpf_
  			return 0;
  		range = tnum_const(0);
  		break;
 +	case BPF_PROG_TYPE_TRACING:
 +		switch (env->prog->expected_attach_type) {
 +		case BPF_TRACE_FENTRY:
 +		case BPF_TRACE_FEXIT:
 +			range = tnum_const(0);
 +			break;
 +		case BPF_TRACE_RAW_TP:
 +			return 0;
 +		default:
 +			return -ENOTSUPP;
 +		}
 +		break;
 +	case BPF_PROG_TYPE_EXT:
 +		/* freplace program can return anything as its return value
 +		 * depends on the to-be-replaced kernel func or bpf program.
 +		 */
  	default:
  		return 0;
  	}
	From e92888c72fbdc6f9d07b3b0604c012e81d7c0da7 Mon Sep 17 00:00:00 2001
	From: Yonghong Song <yhs@fb.com>
	Date: Wed, 13 May 2020 22:32:05 -0700
	Subject: bpf: Enforce returning 0 for fentry/fexit progs

	From: Yonghong Song <yhs@fb.com>

	commit e92888c72fbdc6f9d07b3b0604c012e81d7c0da7 upstream.

	Currently, tracing/fentry and tracing/fexit prog
	return values are not enforced. In trampoline codes,
	the fentry/fexit prog return values are ignored.
	Let us enforce it to be 0 to avoid confusion and
	allows potential future extension.

	This patch also explicitly added return value
	checking for tracing/raw_tp, tracing/fmod_ret,
	and freplace programs such that these program
	return values can be anything. The purpose are
	two folds:
	1. to make it explicit about return value expectations
	for these programs in verifier.
	2. for tracing prog_type, if a future attach type
	is added, the default is -ENOTSUPP which will
	enforce to specify return value ranges explicitly.

	Fixes: fec56f5890d9 ("bpf: Introduce BPF trampoline")
	Signed-off-by: Yonghong Song <yhs@fb.com>
	Signed-off-by: Alexei Starovoitov <ast@kernel.org>
	Acked-by: Andrii Nakryiko <andriin@fb.com>
	Link: https://lore.kernel.org/bpf/20200514053206.1298415-1-yhs@fb.com
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	kernel/bpf/verifier.c \| 16 ++++++++++++++++
	1 file changed, 16 insertions(+)

	--- a/kernel/bpf/verifier.c
	+++ b/kernel/bpf/verifier.c
	@@ -6498,6 +6498,22 @@ static int check_return_code(struct bpf_
	return 0;
	range = tnum_const(0);
	break;
	+ case BPF_PROG_TYPE_TRACING:
	+ switch (env->prog->expected_attach_type) {
	+ case BPF_TRACE_FENTRY:
	+ case BPF_TRACE_FEXIT:
	+ range = tnum_const(0);
	+ break;
	+ case BPF_TRACE_RAW_TP:
	+ return 0;
	+ default:
	+ return -ENOTSUPP;
	+ }
	+ break;
	+ case BPF_PROG_TYPE_EXT:
	+ /* freplace program can return anything as its return value
	+ * depends on the to-be-replaced kernel func or bpf program.
	+ */
	default:
	return 0;
	}