Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Daniel Borkmann says: ==================== pull-request: bpf 2018-04-09 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Two sockmap fixes: i) fix a potential warning when a socket with pending cork data is closed by freeing the memory right when the socket is closed instead of seeing still outstanding memory at garbage collector time, ii) fix a NULL pointer deref in case of duplicates release calls, so make sure to only reset the sk_prot pointer when it's in a valid state to do so, both from John. 2) Fix a compilation warning in bpf_prog_attach_check_attach_type() by moving the function under CONFIG_CGROUP_BPF ifdef since only used there, from Anders. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2018-04-08 19:51:41 -0400
committer: David S. Miller <davem@davemloft.net> 2018-04-08 19:51:41 -0400
commit: 1f1cba787f5b2c03e3d103829cc02a74a7c9110a (patch)
tree: d913d7859536871bdd3ecd10fe100ade6f69b4b5
parent: 4c7c12e0c9b8224170afd974eed9ea032bd7f453 (diff)
parent: 33491588c1fb2c76ed114a211ad0ee76c16b5a0c (diff)
2 files changed, 22 insertions, 14 deletions
diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
index d2bda5aa25d7..8dd9210d7db7 100644
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -182,8 +182,10 @@ static void bpf_tcp_release(struct sock *sk)
                psock->cork = NULL;
        }
-        sk->sk_prot = psock->sk_proto;
+        if (psock->sk_proto) {
-        psock->sk_proto = NULL;
+                sk->sk_prot = psock->sk_proto;
+                psock->sk_proto = NULL;
+        }
 out:
        rcu_read_unlock();
 }
@@ -211,6 +213,12 @@ static void bpf_tcp_close(struct sock *sk, long timeout)
        close_fun = psock->save_close;
        write_lock_bh(&sk->sk_callback_lock);
+        if (psock->cork) {
+                free_start_sg(psock->sock, psock->cork);
+                kfree(psock->cork);
+                psock->cork = NULL;
+        }
        list_for_each_entry_safe(md, mtmp, &psock->ingress, list) {
                list_del(&md->list);
                free_start_sg(psock->sock, md);
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0244973ee544..4ca46df19c9a 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1226,18 +1226,6 @@ bpf_prog_load_check_attach_type(enum bpf_prog_type prog_type,
        }
 }
-static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog,
-                                             enum bpf_attach_type attach_type)
-{
-        switch (prog->type) {
-        case BPF_PROG_TYPE_CGROUP_SOCK:
-        case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
-                return attach_type == prog->expected_attach_type ? 0 : -EINVAL;
-        default:
-                return 0;
-        }
-}
 /* last field in 'union bpf_attr' used by this command */
 #define BPF_PROG_LOAD_LAST_FIELD expected_attach_type
@@ -1465,6 +1453,18 @@ out_free_tp:
 #ifdef CONFIG_CGROUP_BPF
+static int bpf_prog_attach_check_attach_type(const struct bpf_prog *prog,
+                                             enum bpf_attach_type attach_type)
+{
+        switch (prog->type) {
+        case BPF_PROG_TYPE_CGROUP_SOCK:
+        case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
+                return attach_type == prog->expected_attach_type ? 0 : -EINVAL;
+        default:
+                return 0;
+        }
+}
 #define BPF_PROG_ATTACH_LAST_FIELD attach_flags
 static int sockmap_get_from_fd(const union bpf_attr *attr,
author	David S. Miller <davem@davemloft.net>	2018-04-08 19:51:41 -0400
committer	David S. Miller <davem@davemloft.net>	2018-04-08 19:51:41 -0400
commit	1f1cba787f5b2c03e3d103829cc02a74a7c9110a (patch)
tree	d913d7859536871bdd3ecd10fe100ade6f69b4b5
parent	4c7c12e0c9b8224170afd974eed9ea032bd7f453 (diff)
parent	33491588c1fb2c76ed114a211ad0ee76c16b5a0c (diff)