SHA256
1
0
forked from pool/iproute2

Accepting request 815490 from home:dirkmueller:branches:security:netfilter

- remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch:
  * these patches should be obsolete with cilium 1.7 and they never
  went upstream, so we can drop it (jsc#SLE-9813)

OBS-URL: https://build.opensuse.org/request/show/815490
OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=197
This commit is contained in:
Jan Engelhardt 2020-06-17 12:24:09 +00:00 committed by Git OBS Bridge
parent 8e8ed4dc25
commit 4cf4b5fea2
4 changed files with 7 additions and 219 deletions

View File

@ -1,106 +0,0 @@
From: Joe Stringer <joe@wand.net.nz>
Subject: bpf: bss section poc
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
References: none
The .bss section denotes uninitialized data, which is for instance what
clang will generate if a static variable is set to zero by default.
Teach the bpf library about .bss so that such variables can be properly
initialized.
Signed-off-by: Joe Stringer <joe@wand.net.nz>
---
lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -1164,6 +1164,7 @@ struct bpf_elf_ctx {
int sec_text;
int sec_btf;
int sec_data;
+ int sec_bss;
char license[ELF_MAX_LICENSE_LEN];
enum bpf_prog_type type;
__u32 ifindex;
@@ -2068,6 +2069,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
return 0;
}
+static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ ctx->sec_bss = section;
+ ctx->sec_done[section] = true;
+ return 0;
+}
+
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
{
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
@@ -2286,6 +2295,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
return ctx->sec_data;
}
+static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx)
+{
+ return ctx->sec_bss;
+}
+
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
{
struct bpf_elf_sec_data data;
@@ -2310,6 +2324,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
!strcmp(data.sec_name, ".data"))
ret = bpf_fetch_data(ctx, i, &data);
+ else if (data.sec_hdr.sh_type == SHT_NOBITS &&
+ !strcmp(data.sec_name, ".bss"))
+ ret = bpf_fetch_bss(ctx, i, &data);
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
!strcmp(data.sec_name, ".symtab"))
ret = bpf_fetch_symtab(ctx, i, &data);
@@ -2438,6 +2455,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
return 0;
}
+static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
+ GElf_Rel *relo, GElf_Sym *sym,
+ struct bpf_relo_props *props)
+{
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
+
+ if (insn_off >= prog->insns_num)
+ return -EINVAL;
+
+ prog->insns[insn_off].imm = 0;
+ return 0;
+}
+
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
GElf_Rel *relo, GElf_Sym *sym,
struct bpf_relo_props *props)
@@ -2494,10 +2524,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
else if (sym.st_shndx == ctx->sec_data)
ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
+ else if (sym.st_shndx == ctx->sec_bss)
+ ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props);
else if (sym.st_shndx == ctx->sec_text)
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
else
- fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
+ fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
relo_ent, sym.st_shndx);
if (ret < 0)
return ret;
@@ -2593,7 +2625,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
return ret;
}
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) ||
+ bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx))
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
if (ret < 0 && !lderr)
ret = bpf_fetch_prog(ctx, section, &sseen);

View File

@ -1,111 +0,0 @@
From: Daniel Borkmann <daniel@iogearbox.net>
Subject: bpf: data section support poc
Patch-mainline: No, status unknown, seems to be implemented in libbpf instead
References: none
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
--- a/lib/bpf.c
+++ b/lib/bpf.c
@@ -1147,6 +1147,7 @@ struct bpf_elf_ctx {
Elf_Data *sym_tab;
Elf_Data *str_tab;
Elf_Data *btf_data;
+ Elf_Data *glo_data;
char obj_uid[64];
int obj_fd;
int btf_fd;
@@ -1162,6 +1163,7 @@ struct bpf_elf_ctx {
int sec_maps;
int sec_text;
int sec_btf;
+ int sec_data;
char license[ELF_MAX_LICENSE_LEN];
enum bpf_prog_type type;
__u32 ifindex;
@@ -2057,6 +2059,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
return 0;
}
+static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ ctx->sec_data = section;
+ ctx->glo_data = data->sec_data;
+ ctx->sec_done[section] = true;
+ return 0;
+}
+
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
{
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
@@ -2270,6 +2281,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
return ctx->sec_text;
}
+static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
+{
+ return ctx->sec_data;
+}
+
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
{
struct bpf_elf_sec_data data;
@@ -2291,6 +2307,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
!strcmp(data.sec_name, ".text") &&
check_text_sec)
ret = bpf_fetch_text(ctx, i, &data);
+ else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
+ !strcmp(data.sec_name, ".data"))
+ ret = bpf_fetch_data(ctx, i, &data);
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
!strcmp(data.sec_name, ".symtab"))
ret = bpf_fetch_symtab(ctx, i, &data);
@@ -2404,6 +2423,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
return 0;
}
+static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
+ GElf_Rel *relo, GElf_Sym *sym,
+ struct bpf_relo_props *props)
+{
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
+ int *data;
+
+ if (insn_off >= prog->insns_num)
+ return -EINVAL;
+
+ data = ctx->glo_data->d_buf + sym->st_value;
+ prog->insns[insn_off].imm = *data;
+ return 0;
+}
+
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
GElf_Rel *relo, GElf_Sym *sym,
struct bpf_relo_props *props)
@@ -2458,10 +2492,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
if (sym.st_shndx == ctx->sec_maps)
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
+ else if (sym.st_shndx == ctx->sec_data)
+ ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
else if (sym.st_shndx == ctx->sec_text)
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
else
- fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
+ fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
relo_ent, sym.st_shndx);
if (ret < 0)
return ret;
@@ -2557,7 +2593,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
return ret;
}
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx))
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
if (ret < 0 && !lderr)
ret = bpf_fetch_prog(ctx, section, &sseen);

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jun 17 10:50:43 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch:
* these patches should be obsolete with cilium 1.7 and they never
went upstream, so we can drop it (jsc#SLE-9813)
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 3 19:39:59 UTC 2020 - Jan Engelhardt <jengelh@inai.de> Wed Jun 3 19:39:59 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

View File

@ -35,8 +35,6 @@ Patch2: use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch
Patch3: add-explicit-typecast-to-avoid-gcc-warning.patch Patch3: add-explicit-typecast-to-avoid-gcc-warning.patch
Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch
Patch6: split-link-and-compile-steps-for-binaries.patch Patch6: split-link-and-compile-steps-for-binaries.patch
Patch201: bpf-data-section-support-poc.patch
Patch202: bpf-bss-section-poc.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: db-devel BuildRequires: db-devel
BuildRequires: fdupes BuildRequires: fdupes