Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says: ==================== pull-request: bpf 2018-12-15 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) fix liveness propagation of callee saved registers, from Jakub. 2) fix overflow in bpf_jit_limit knob, from Daniel. 3) bpf_flow_dissector api fix, from Stanislav. 4) bpf_perf_event api fix on powerpc, from Sandipan. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
@@ -783,6 +783,7 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
|
||||
/* Pass parameters to the BPF program */
|
||||
cb->qdisc_cb.flow_keys = &flow_keys;
|
||||
flow_keys.nhoff = nhoff;
|
||||
flow_keys.thoff = nhoff;
|
||||
|
||||
bpf_compute_data_pointers((struct sk_buff *)skb);
|
||||
result = BPF_PROG_RUN(attached, skb);
|
||||
@@ -790,9 +791,12 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
|
||||
/* Restore state */
|
||||
memcpy(cb, &cb_saved, sizeof(cb_saved));
|
||||
|
||||
flow_keys.nhoff = clamp_t(u16, flow_keys.nhoff, 0, skb->len);
|
||||
flow_keys.thoff = clamp_t(u16, flow_keys.thoff,
|
||||
flow_keys.nhoff, skb->len);
|
||||
|
||||
__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
|
||||
target_container);
|
||||
key_control->thoff = min_t(u16, key_control->thoff, skb->len);
|
||||
rcu_read_unlock();
|
||||
return result == BPF_OK;
|
||||
}
|
||||
|
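Review bot: The upper bound in both `clamp_t(u16, ..., skb->len)` calls is converted to u16 before the comparison, so if skb->len can exceed 65535 (its declaration is not shown here, but it is presumably wider than 16 bits) the bound wraps and can fall below flow_keys.nhoff, which would leave thoff smaller than nhoff. These offsets are written by the attached BPF program, and the two clamps are the only bounds check visible before `__skb_flow_bpf_to_target()`. Consider capping the length once, e.g. `u16 max_off = min_t(u32, skb->len, U16_MAX);`, and clamping both offsets against `max_off`. The lower bound for nhoff is 0 rather than the `nhoff` the dissector started from, so the program can also report a network header before that offset; if that is not intended, use `nhoff` as the lower bound. The body of `__skb_flow_dissect()` starts outside these hunks.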
@@ -28,6 +28,8 @@ static int two __maybe_unused = 2;
|
||||
static int min_sndbuf = SOCK_MIN_SNDBUF;
|
||||
static int min_rcvbuf = SOCK_MIN_RCVBUF;
|
||||
static int max_skb_frags = MAX_SKB_FRAGS;
|
||||
static long long_one __maybe_unused = 1;
|
||||
static long long_max __maybe_unused = LONG_MAX;
|
||||
|
||||
static int net_msg_warn; /* Unused, but still a sysctl */
|
||||
|
||||
@@ -289,6 +291,17 @@ proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
|
||||
|
||||
return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
|
||||
}
|
||||
|
||||
static int
|
||||
proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
|
||||
void __user *buffer, size_t *lenp,
|
||||
loff_t *ppos)
|
||||
{
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
|
||||
}
|
||||
#endif
|
||||
|
||||
static struct ctl_table net_core_table[] = {
|
||||
@@ -398,10 +411,11 @@ static struct ctl_table net_core_table[] = {
|
||||
{
|
||||
.procname = "bpf_jit_limit",
|
||||
.data = &bpf_jit_limit,
|
||||
.maxlen = sizeof(int),
|
||||
.maxlen = sizeof(long),
|
||||
.mode = 0600,
|
||||
.proc_handler = proc_dointvec_minmax_bpf_restricted,
|
||||
.extra1 = &one,
|
||||
.proc_handler = proc_dolongvec_minmax_bpf_restricted,
|
||||
.extra1 = &long_one,
|
||||
.extra2 = &long_max,
|
||||
},
|
||||
#endif
|
||||
{
|
||||
|
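Review bot: `proc_dolongvec_minmax_bpf_restricted()` is named for a signed long but delegates to `proc_doulongvec_minmax()`, and the bounds it is handed through `.extra1`/`.extra2` (`long_one`, `long_max`) are declared `static long`. That is harmless only because both bounds are non-negative and long and unsigned long have the same size, so a later negative bound would be silently read as a very large unsigned value. Either declare the two bounds as `unsigned long`, or put a comment above the handler such as `/* parsed as unsigned long: extra1/extra2 must point to non-negative long-sized values */`. The type of `bpf_jit_limit` is not visible on this page; `.maxlen = sizeof(long)` assumes its definition was widened in the same commit, which is worth confirming.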