From 4cf4b5fea29546710bb4d5baabcdbbeb89de28e89eb66465de8327be308a64f0 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 17 Jun 2020 12:24:09 +0000 Subject: [PATCH] Accepting request 815490 from home:dirkmueller:branches:security:netfilter - remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch: * these patches should be obsolete with cilium 1.7 and they never went upstream, so we can drop it (jsc#SLE-9813) OBS-URL: https://build.opensuse.org/request/show/815490 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=197 --- bpf-bss-section-poc.patch | 106 --------------------------- bpf-data-section-support-poc.patch | 111 ----------------------------- iproute2.changes | 7 ++ iproute2.spec | 2 - 4 files changed, 7 insertions(+), 219 deletions(-) delete mode 100644 bpf-bss-section-poc.patch delete mode 100644 bpf-data-section-support-poc.patch diff --git a/bpf-bss-section-poc.patch b/bpf-bss-section-poc.patch deleted file mode 100644 index 2244cd3..0000000 --- a/bpf-bss-section-poc.patch +++ /dev/null @@ -1,106 +0,0 @@ -From: Joe Stringer -Subject: bpf: bss section poc -Patch-mainline: No, status unknown, seems to be implemented in libbpf instead -References: none - -The .bss section denotes uninitialized data, which is for instance what -clang will generate if a static variable is set to zero by default. -Teach the bpf library about .bss so that such variables can be properly -initialized. - -Signed-off-by: Joe Stringer ---- - lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++-- - 1 file changed, 35 insertions(+), 2 deletions(-) - ---- a/lib/bpf.c -+++ b/lib/bpf.c -@@ -1164,6 +1164,7 @@ struct bpf_elf_ctx { - int sec_text; - int sec_btf; - int sec_data; -+ int sec_bss; - char license[ELF_MAX_LICENSE_LEN]; - enum bpf_prog_type type; - __u32 ifindex; -@@ -2068,6 +2069,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section, - return 0; - } - -+static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section, -+ struct bpf_elf_sec_data *data) -+{ -+ ctx->sec_bss = section; -+ ctx->sec_done[section] = true; -+ return 0; -+} -+ - static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx) - { - fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n", -@@ -2286,6 +2295,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx) - return ctx->sec_data; - } - -+static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx) -+{ -+ return ctx->sec_bss; -+} -+ - static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) - { - struct bpf_elf_sec_data data; -@@ -2310,6 +2324,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) - else if (data.sec_hdr.sh_type == SHT_PROGBITS && - !strcmp(data.sec_name, ".data")) - ret = bpf_fetch_data(ctx, i, &data); -+ else if (data.sec_hdr.sh_type == SHT_NOBITS && -+ !strcmp(data.sec_name, ".bss")) -+ ret = bpf_fetch_bss(ctx, i, &data); - else if (data.sec_hdr.sh_type == SHT_SYMTAB && - !strcmp(data.sec_name, ".symtab")) - ret = bpf_fetch_symtab(ctx, i, &data); -@@ -2438,6 +2455,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro - return 0; - } - -+static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, -+ GElf_Rel *relo, GElf_Sym *sym, -+ struct bpf_relo_props *props) -+{ -+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn); -+ -+ if (insn_off >= prog->insns_num) -+ return -EINVAL; -+ -+ prog->insns[insn_off].imm = 0; -+ return 0; -+} -+ - static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, - GElf_Rel *relo, GElf_Sym *sym, - struct bpf_relo_props *props) -@@ -2494,10 +2524,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx, - ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props); - else if (sym.st_shndx == ctx->sec_data) - ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props); -+ else if (sym.st_shndx == ctx->sec_bss) -+ ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props); - else if (sym.st_shndx == ctx->sec_text) - ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props); - else -- fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", -+ fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n", - relo_ent, sym.st_shndx); - if (ret < 0) - return ret; -@@ -2593,7 +2625,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section) - return ret; - } - -- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx)) -+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || -+ bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx)) - ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog); - if (ret < 0 && !lderr) - ret = bpf_fetch_prog(ctx, section, &sseen); diff --git a/bpf-data-section-support-poc.patch b/bpf-data-section-support-poc.patch deleted file mode 100644 index 250334e..0000000 --- a/bpf-data-section-support-poc.patch +++ /dev/null @@ -1,111 +0,0 @@ -From: Daniel Borkmann -Subject: bpf: data section support poc -Patch-mainline: No, status unknown, seems to be implemented in libbpf instead -References: none - -Signed-off-by: Daniel Borkmann ---- - lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 38 insertions(+), 2 deletions(-) - ---- a/lib/bpf.c -+++ b/lib/bpf.c -@@ -1147,6 +1147,7 @@ struct bpf_elf_ctx { - Elf_Data *sym_tab; - Elf_Data *str_tab; - Elf_Data *btf_data; -+ Elf_Data *glo_data; - char obj_uid[64]; - int obj_fd; - int btf_fd; -@@ -1162,6 +1163,7 @@ struct bpf_elf_ctx { - int sec_maps; - int sec_text; - int sec_btf; -+ int sec_data; - char license[ELF_MAX_LICENSE_LEN]; - enum bpf_prog_type type; - __u32 ifindex; -@@ -2057,6 +2059,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section, - return 0; - } - -+static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section, -+ struct bpf_elf_sec_data *data) -+{ -+ ctx->sec_data = section; -+ ctx->glo_data = data->sec_data; -+ ctx->sec_done[section] = true; -+ return 0; -+} -+ - static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx) - { - fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n", -@@ -2270,6 +2281,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx) - return ctx->sec_text; - } - -+static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx) -+{ -+ return ctx->sec_data; -+} -+ - static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) - { - struct bpf_elf_sec_data data; -@@ -2291,6 +2307,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) - !strcmp(data.sec_name, ".text") && - check_text_sec) - ret = bpf_fetch_text(ctx, i, &data); -+ else if (data.sec_hdr.sh_type == SHT_PROGBITS && -+ !strcmp(data.sec_name, ".data")) -+ ret = bpf_fetch_data(ctx, i, &data); - else if (data.sec_hdr.sh_type == SHT_SYMTAB && - !strcmp(data.sec_name, ".symtab")) - ret = bpf_fetch_symtab(ctx, i, &data); -@@ -2404,6 +2423,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog - return 0; - } - -+static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, -+ GElf_Rel *relo, GElf_Sym *sym, -+ struct bpf_relo_props *props) -+{ -+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn); -+ int *data; -+ -+ if (insn_off >= prog->insns_num) -+ return -EINVAL; -+ -+ data = ctx->glo_data->d_buf + sym->st_value; -+ prog->insns[insn_off].imm = *data; -+ return 0; -+} -+ - static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, - GElf_Rel *relo, GElf_Sym *sym, - struct bpf_relo_props *props) -@@ -2458,10 +2492,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx, - - if (sym.st_shndx == ctx->sec_maps) - ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props); -+ else if (sym.st_shndx == ctx->sec_data) -+ ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props); - else if (sym.st_shndx == ctx->sec_text) - ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props); - else -- fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", -+ fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", - relo_ent, sym.st_shndx); - if (ret < 0) - return ret; -@@ -2557,7 +2593,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section) - return ret; - } - -- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx)) -+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx)) - ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog); - if (ret < 0 && !lderr) - ret = bpf_fetch_prog(ctx, section, &sseen); diff --git a/iproute2.changes b/iproute2.changes index 4f87709..5aed6d8 100644 --- a/iproute2.changes +++ b/iproute2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jun 17 10:50:43 UTC 2020 - Dirk Mueller + +- remove bpf-bss-section-poc.patch, bpf-data-section-support-poc.patch: + * these patches should be obsolete with cilium 1.7 and they never + went upstream, so we can drop it (jsc#SLE-9813) + ------------------------------------------------------------------- Wed Jun 3 19:39:59 UTC 2020 - Jan Engelhardt diff --git a/iproute2.spec b/iproute2.spec index 7803695..814c9e1 100644 --- a/iproute2.spec +++ b/iproute2.spec @@ -35,8 +35,6 @@ Patch2: use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch Patch3: add-explicit-typecast-to-avoid-gcc-warning.patch Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch Patch6: split-link-and-compile-steps-for-binaries.patch -Patch201: bpf-data-section-support-poc.patch -Patch202: bpf-bss-section-poc.patch BuildRequires: bison BuildRequires: db-devel BuildRequires: fdupes