forked from pool/iproute2
Accepting request 815490 from home:dirkmueller:branches:security:netfilter
- remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch: * these patches should be obsolete with cilium 1.7 and they never went upstream, so we can drop it (jsc#SLE-9813) OBS-URL: https://build.opensuse.org/request/show/815490 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=197
This commit is contained in:
parent
8e8ed4dc25
commit
4cf4b5fea2
@ -1,106 +0,0 @@
|
||||
From: Joe Stringer <joe@wand.net.nz>
|
||||
Subject: bpf: bss section poc
|
||||
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
|
||||
References: none
|
||||
|
||||
The .bss section denotes uninitialized data, which is for instance what
|
||||
clang will generate if a static variable is set to zero by default.
|
||||
Teach the bpf library about .bss so that such variables can be properly
|
||||
initialized.
|
||||
|
||||
Signed-off-by: Joe Stringer <joe@wand.net.nz>
|
||||
---
|
||||
lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 35 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/lib/bpf.c
|
||||
+++ b/lib/bpf.c
|
||||
@@ -1164,6 +1164,7 @@ struct bpf_elf_ctx {
|
||||
int sec_text;
|
||||
int sec_btf;
|
||||
int sec_data;
|
||||
+ int sec_bss;
|
||||
char license[ELF_MAX_LICENSE_LEN];
|
||||
enum bpf_prog_type type;
|
||||
__u32 ifindex;
|
||||
@@ -2068,6 +2069,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section,
|
||||
+ struct bpf_elf_sec_data *data)
|
||||
+{
|
||||
+ ctx->sec_bss = section;
|
||||
+ ctx->sec_done[section] = true;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
|
||||
{
|
||||
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
|
||||
@@ -2286,6 +2295,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
|
||||
return ctx->sec_data;
|
||||
}
|
||||
|
||||
+static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx)
|
||||
+{
|
||||
+ return ctx->sec_bss;
|
||||
+}
|
||||
+
|
||||
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||
{
|
||||
struct bpf_elf_sec_data data;
|
||||
@@ -2310,6 +2324,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||
else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
|
||||
!strcmp(data.sec_name, ".data"))
|
||||
ret = bpf_fetch_data(ctx, i, &data);
|
||||
+ else if (data.sec_hdr.sh_type == SHT_NOBITS &&
|
||||
+ !strcmp(data.sec_name, ".bss"))
|
||||
+ ret = bpf_fetch_bss(ctx, i, &data);
|
||||
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
|
||||
!strcmp(data.sec_name, ".symtab"))
|
||||
ret = bpf_fetch_symtab(ctx, i, &data);
|
||||
@@ -2438,6 +2455,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||
+ GElf_Rel *relo, GElf_Sym *sym,
|
||||
+ struct bpf_relo_props *props)
|
||||
+{
|
||||
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
|
||||
+
|
||||
+ if (insn_off >= prog->insns_num)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ prog->insns[insn_off].imm = 0;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||
GElf_Rel *relo, GElf_Sym *sym,
|
||||
struct bpf_relo_props *props)
|
||||
@@ -2494,10 +2524,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
|
||||
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
|
||||
else if (sym.st_shndx == ctx->sec_data)
|
||||
ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
|
||||
+ else if (sym.st_shndx == ctx->sec_bss)
|
||||
+ ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props);
|
||||
else if (sym.st_shndx == ctx->sec_text)
|
||||
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
|
||||
else
|
||||
- fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||
+ fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||
relo_ent, sym.st_shndx);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@@ -2593,7 +2625,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
|
||||
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) ||
|
||||
+ bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx))
|
||||
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
|
||||
if (ret < 0 && !lderr)
|
||||
ret = bpf_fetch_prog(ctx, section, &sseen);
|
@ -1,111 +0,0 @@
|
||||
From: Daniel Borkmann <daniel@iogearbox.net>
|
||||
Subject: bpf: data section support poc
|
||||
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
|
||||
References: none
|
||||
|
||||
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
||||
---
|
||||
lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/lib/bpf.c
|
||||
+++ b/lib/bpf.c
|
||||
@@ -1147,6 +1147,7 @@ struct bpf_elf_ctx {
|
||||
Elf_Data *sym_tab;
|
||||
Elf_Data *str_tab;
|
||||
Elf_Data *btf_data;
|
||||
+ Elf_Data *glo_data;
|
||||
char obj_uid[64];
|
||||
int obj_fd;
|
||||
int btf_fd;
|
||||
@@ -1162,6 +1163,7 @@ struct bpf_elf_ctx {
|
||||
int sec_maps;
|
||||
int sec_text;
|
||||
int sec_btf;
|
||||
+ int sec_data;
|
||||
char license[ELF_MAX_LICENSE_LEN];
|
||||
enum bpf_prog_type type;
|
||||
__u32 ifindex;
|
||||
@@ -2057,6 +2059,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
|
||||
+ struct bpf_elf_sec_data *data)
|
||||
+{
|
||||
+ ctx->sec_data = section;
|
||||
+ ctx->glo_data = data->sec_data;
|
||||
+ ctx->sec_done[section] = true;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
|
||||
{
|
||||
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
|
||||
@@ -2270,6 +2281,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
|
||||
return ctx->sec_text;
|
||||
}
|
||||
|
||||
+static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
|
||||
+{
|
||||
+ return ctx->sec_data;
|
||||
+}
|
||||
+
|
||||
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||
{
|
||||
struct bpf_elf_sec_data data;
|
||||
@@ -2291,6 +2307,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||
!strcmp(data.sec_name, ".text") &&
|
||||
check_text_sec)
|
||||
ret = bpf_fetch_text(ctx, i, &data);
|
||||
+ else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
|
||||
+ !strcmp(data.sec_name, ".data"))
|
||||
+ ret = bpf_fetch_data(ctx, i, &data);
|
||||
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
|
||||
!strcmp(data.sec_name, ".symtab"))
|
||||
ret = bpf_fetch_symtab(ctx, i, &data);
|
||||
@@ -2404,6 +2423,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||
+ GElf_Rel *relo, GElf_Sym *sym,
|
||||
+ struct bpf_relo_props *props)
|
||||
+{
|
||||
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
|
||||
+ int *data;
|
||||
+
|
||||
+ if (insn_off >= prog->insns_num)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ data = ctx->glo_data->d_buf + sym->st_value;
|
||||
+ prog->insns[insn_off].imm = *data;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||
GElf_Rel *relo, GElf_Sym *sym,
|
||||
struct bpf_relo_props *props)
|
||||
@@ -2458,10 +2492,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
|
||||
|
||||
if (sym.st_shndx == ctx->sec_maps)
|
||||
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
|
||||
+ else if (sym.st_shndx == ctx->sec_data)
|
||||
+ ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
|
||||
else if (sym.st_shndx == ctx->sec_text)
|
||||
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
|
||||
else
|
||||
- fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||
+ fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||
relo_ent, sym.st_shndx);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
@@ -2557,7 +2593,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
|
||||
return ret;
|
||||
}
|
||||
|
||||
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx))
|
||||
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
|
||||
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
|
||||
if (ret < 0 && !lderr)
|
||||
ret = bpf_fetch_prog(ctx, section, &sseen);
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 17 10:50:43 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
||||
|
||||
- remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch:
|
||||
* these patches should be obsolete with cilium 1.7 and they never
|
||||
went upstream, so we can drop it (jsc#SLE-9813)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 3 19:39:59 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
|
@ -35,8 +35,6 @@ Patch2: use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch
|
||||
Patch3: add-explicit-typecast-to-avoid-gcc-warning.patch
|
||||
Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch
|
||||
Patch6: split-link-and-compile-steps-for-binaries.patch
|
||||
Patch201: bpf-data-section-support-poc.patch
|
||||
Patch202: bpf-bss-section-poc.patch
|
||||
BuildRequires: bison
|
||||
BuildRequires: db-devel
|
||||
BuildRequires: fdupes
|
||||
|
Loading…
Reference in New Issue
Block a user