08 Jun, 2018

2 commits

  • syzbot reported the following crash
    [ 338.293946] bpfilter: read fail -512
    [ 338.304515] kasan: GPF could be caused by NULL-ptr deref or user memory access
    [ 338.311863] general protection fault: 0000 [#1] SMP KASAN
    [ 338.344360] RIP: 0010:__vfs_write+0x4a6/0x960
    [ 338.426363] Call Trace:
    [ 338.456967] __kernel_write+0x10c/0x380
    [ 338.460928] __bpfilter_process_sockopt+0x1d8/0x35b
    [ 338.487103] bpfilter_mbox_request+0x4d/0xb0
    [ 338.491492] bpfilter_ip_get_sockopt+0x6b/0x90

    This can happen when multiple cpus are trying to talk to the user mode process
    via bpfilter_mbox_request(). One cpu grabs the mutex while another goes to
    sleep on the same mutex. Then the former cpu sees that the umh pipe is down and
    shuts down the pipes. The latter cpu finally acquires the mutex and crashes
    on the freed pipe.
    Fix the race by using info.pid as an indicator that umh and pipes are healthy
    and check it after acquiring the mutex.

    Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
    Reported-by: syzbot+7ade6c94abb2774c0fee@syzkaller.appspotmail.com
    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     
  • CONFIG_OUTPUT_FORMAT is an x86-only macro.
    Used objdump to extract elf file format.

    Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
    Reported-by: David S. Miller
    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov
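
    The locking pattern from the syzbot race fix above (re-check info.pid after acquiring the mutex), replayed as a userspace pthread model. This is an added example, not code from the kernel tree; the struct and function names, the -ESRCH return value and the STALE_PIPE_USE marker are assumptions of the model.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

#define STALE_PIPE_USE (-1000)    /* model-only marker, not a kernel errno */
struct umh_model {                /* hypothetical stand-in for the module state */
    pthread_mutex_t lock;         /* plays the role of the bpfilter mutex */
    int pid;                      /* non-zero while helper and pipes are healthy */
    int *pipe;                    /* heap object standing in for the umh pipe */
};
struct request { struct umh_model *m; int check_pid; int result; };

/* Second CPU: may sleep on the mutex while the first CPU tears the pipes down. */
static void *mbox_request(void *arg)
{
    struct request *r = arg;
    pthread_mutex_lock(&r->m->lock);
    if (r->check_pid && !r->m->pid)
        r->result = -ESRCH;           /* fixed: state re-checked under the lock */
    else if (!r->m->pipe)
        r->result = STALE_PIPE_USE;   /* unfixed: would write to the freed pipe */
    else
        r->result = 0;                /* healthy: request would go to the helper */
    pthread_mutex_unlock(&r->m->lock);
    return NULL;
}

/* Replays the reported interleaving; returns what the second CPU observed. */
int replay(int check_pid, int teardown)
{
    struct umh_model m = { .pid = 1234, .pipe = calloc(1, sizeof(int)) };
    struct request r = { &m, check_pid, 0 };
    pthread_t cpu2;
    pthread_mutex_init(&m.lock, NULL);
    pthread_mutex_lock(&m.lock);          /* CPU 1 grabs the mutex */
    pthread_create(&cpu2, NULL, mbox_request, &r);
    if (teardown) {                       /* CPU 1 sees the read fail */
        free(m.pipe);
        m.pipe = NULL;                    /* NULLed so the model never touches freed memory */
        m.pid = 0;                        /* health indicator cleared under the lock */
    }
    pthread_mutex_unlock(&m.lock);
    pthread_join(cpu2, NULL);
    pthread_mutex_destroy(&m.lock);
    free(m.pipe);                         /* no-op after teardown (pipe is NULL) */
    return r.result;
}

int main(void) { return replay(1, 1) == -ESRCH ? 0 : 1; }
```

    The result is the same whether the second thread blocks on the mutex or arrives after it is released, because the indicator is only read and written under the lock.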
     

05 Jun, 2018

1 commit


30 May, 2018

1 commit

  • gcc-7.3.0 reports the following error:

    HOSTCC net/bpfilter/main.o
    In file included from net/bpfilter/main.c:9:0:
    ./include/uapi/linux/bpf.h:12:10: fatal error: linux/bpf_common.h: No such file or directory
    #include

    Remove it by adding an include path.
    Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")

    Signed-off-by: YueHaibing
    Signed-off-by: David S. Miller

    YueHaibing
     

29 May, 2018

1 commit

  • bpfilter_process_sockopt is a callback that gets called from
    ip_setsockopt() and ip_getsockopt(). However, when CONFIG_INET is
    disabled, it never gets called at all, and assigning a function to the
    callback pointer results in a link failure:

    net/bpfilter/bpfilter_kern.o: In function `__stop_umh':
    bpfilter_kern.c:(.text.unlikely+0x3): undefined reference to `bpfilter_process_sockopt'
    net/bpfilter/bpfilter_kern.o: In function `load_umh':
    bpfilter_kern.c:(.init.text+0x73): undefined reference to `bpfilter_process_sockopt'

    Since there is no caller in this configuration, I assume we can
    simply make the assignment conditional.

    Signed-off-by: Arnd Bergmann
    Signed-off-by: David S. Miller

    Arnd Bergmann
     

24 May, 2018

3 commits

  • Passing O_CREAT (00000100) to open means we should also pass file
    mode as the third parameter. Creating /dev/console as a regular
    file may not be helpful anyway, so simply drop the flag when
    opening debug_fd.

    Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
    Signed-off-by: Jakub Kicinski
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Jakub Kicinski
     
  • BPFILTER could have been enabled without INET causing this build error:
    ERROR: "bpfilter_process_sockopt" [net/bpfilter/bpfilter.ko] undefined!

    Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
    Reported-by: Jakub Kicinski
    Signed-off-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     
  • bpfilter.ko consists of bpfilter_kern.c (normal kernel module code)
    and user mode helper code that is embedded into bpfilter.ko

    The steps to build bpfilter.ko are the following:
    - main.c is compiled by HOSTCC into the bpfilter_umh elf executable file
    - with quite a bit of objcopy and Makefile magic the bpfilter_umh elf file
      is converted into bpfilter_umh.o object file
      with _binary_net_bpfilter_bpfilter_umh_start and _end symbols
      Example:
      $ nm ./bld_x64/net/bpfilter/bpfilter_umh.o
      0000000000004cf8 T _binary_net_bpfilter_bpfilter_umh_end
      0000000000004cf8 A _binary_net_bpfilter_bpfilter_umh_size
      0000000000000000 T _binary_net_bpfilter_bpfilter_umh_start
    - bpfilter_umh.o and bpfilter_kern.o are linked together into bpfilter.ko

    bpfilter_kern.c is normal kernel module code that calls
    the fork_usermode_blob() helper to execute part of its own data
    as a user mode process.

    Notice that _binary_net_bpfilter_bpfilter_umh_start - end
    is placed into .init.rodata section, so it's freed as soon as __init
    function of bpfilter.ko is finished.
    As part of __init, bpfilter.ko does a first request/reply action
    via two unix pipes provided by the fork_usermode_blob() helper to
    make sure that umh is healthy. If not, it will kill it via pid.

    Later bpfilter_process_sockopt() will be called from bpfilter hooks
    in get/setsockopt() to pass iptable commands into umh via bpfilter.ko

    If the admin does 'rmmod bpfilter', the __exit code of bpfilter.ko will
    kill umh as well.

    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov