From ad65262e8beb050a8f6c43988270f587bf620ffaf99b130849b6ef6cb397aa66 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sat, 9 Mar 2019 20:51:03 +0000 Subject: [PATCH] Accepting request 682651 from home:joestringer:branches:security:netfilter - Pull in bpf global data section support patches * Corresponds to changes here: https://github.com/cilium/iproute2/tree/static-data OBS-URL: https://build.opensuse.org/request/show/682651 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=170 --- bpf-bss-section-poc.patch | 113 +++++++++++++++++++++++++++ bpf-data-section-support-poc.patch | 118 +++++++++++++++++++++++++++++ iproute2.changes | 7 ++ iproute2.spec | 6 +- 4 files changed, 242 insertions(+), 2 deletions(-) create mode 100644 bpf-bss-section-poc.patch create mode 100644 bpf-data-section-support-poc.patch diff --git a/bpf-bss-section-poc.patch b/bpf-bss-section-poc.patch new file mode 100644 index 0000000..cd2f3b1 --- /dev/null +++ b/bpf-bss-section-poc.patch @@ -0,0 +1,113 @@ +From 8f256b14edf9fdba3e0c688b76a4124d8627cde1 Mon Sep 17 00:00:00 2001 +From: Joe Stringer +Date: Thu, 24 Jan 2019 20:55:39 -0800 +Subject: [PATCH iproute2-next 2/2] bpf: bss section poc +To: Stephen Hemminger +Cc: netdev@vger.kernel.org, daniel@iogearbox.net + +The .bss section denotes uninitialized data, which is for instance what +clang will generate if a static variable is set to zero by default. +Teach the bpf library about .bss so that such variables can be properly +initialized. + +Signed-off-by: Joe Stringer +--- + lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 35 insertions(+), 2 deletions(-) + +diff --git a/lib/bpf.c b/lib/bpf.c +index eb208275ebaa..69eaa5ee732d 100644 +--- a/lib/bpf.c ++++ b/lib/bpf.c +@@ -1159,6 +1159,7 @@ struct bpf_elf_ctx { + int sec_text; + int sec_btf; + int sec_data; ++ int sec_bss; + char license[ELF_MAX_LICENSE_LEN]; + enum bpf_prog_type type; + __u32 ifindex; +@@ -2048,6 +2049,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section, + return 0; + } + ++static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section, ++ struct bpf_elf_sec_data *data) ++{ ++ ctx->sec_bss = section; ++ ctx->sec_done[section] = true; ++ return 0; ++} ++ + static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx) + { + fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n", +@@ -2262,6 +2271,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx) + return ctx->sec_data; + } + ++static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx) ++{ ++ return ctx->sec_bss; ++} ++ + static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) + { + struct bpf_elf_sec_data data; +@@ -2286,6 +2300,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) + else if (data.sec_hdr.sh_type == SHT_PROGBITS && + !strcmp(data.sec_name, ".data")) + ret = bpf_fetch_data(ctx, i, &data); ++ else if (data.sec_hdr.sh_type == SHT_NOBITS && ++ !strcmp(data.sec_name, ".bss")) ++ ret = bpf_fetch_bss(ctx, i, &data); + else if (data.sec_hdr.sh_type == SHT_SYMTAB && + !strcmp(data.sec_name, ".symtab")) + ret = bpf_fetch_symtab(ctx, i, &data); +@@ -2414,6 +2431,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro + return 0; + } + ++static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, ++ GElf_Rel *relo, GElf_Sym *sym, ++ struct bpf_relo_props *props) ++{ ++ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn); ++ ++ if (insn_off >= prog->insns_num) ++ return -EINVAL; ++ ++ prog->insns[insn_off].imm = 0; ++ return 0; ++} ++ + static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, + GElf_Rel *relo, GElf_Sym *sym, + struct bpf_relo_props *props) +@@ -2470,10 +2500,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx, + ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props); + else if (sym.st_shndx == ctx->sec_data) + ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props); ++ else if (sym.st_shndx == ctx->sec_bss) ++ ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props); + else if (sym.st_shndx == ctx->sec_text) + ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props); + else +- fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", ++ fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n", + relo_ent, sym.st_shndx); + if (ret < 0) + return ret; +@@ -2569,7 +2601,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section) + return ret; + } + +- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx)) ++ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || ++ bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx)) + ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog); + if (ret < 0 && !lderr) + ret = bpf_fetch_prog(ctx, section, &sseen); +-- +2.19.1 + diff --git a/bpf-data-section-support-poc.patch b/bpf-data-section-support-poc.patch new file mode 100644 index 0000000..e3486c3 --- /dev/null +++ b/bpf-data-section-support-poc.patch @@ -0,0 +1,118 @@ +From 4e0dcb220bd77a5ddf0f8956740281efbf1ead90 Mon Sep 17 00:00:00 2001 +From: Daniel Borkmann +Date: Wed, 31 Oct 2018 20:25:22 +0100 +Subject: [PATCH iproute2-next 1/2] bpf: data section support poc +To: Stephen Hemminger +Cc: netdev@vger.kernel.org, daniel@iogearbox.net + +Signed-off-by: Daniel Borkmann +--- + lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 38 insertions(+), 2 deletions(-) + +diff --git a/lib/bpf.c b/lib/bpf.c +index 45f279fa4a41..eb208275ebaa 100644 +--- a/lib/bpf.c ++++ b/lib/bpf.c +@@ -1142,6 +1142,7 @@ struct bpf_elf_ctx { + Elf_Data *sym_tab; + Elf_Data *str_tab; + Elf_Data *btf_data; ++ Elf_Data *glo_data; + char obj_uid[64]; + int obj_fd; + int btf_fd; +@@ -1157,6 +1158,7 @@ struct bpf_elf_ctx { + int sec_maps; + int sec_text; + int sec_btf; ++ int sec_data; + char license[ELF_MAX_LICENSE_LEN]; + enum bpf_prog_type type; + __u32 ifindex; +@@ -2037,6 +2039,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section, + return 0; + } + ++static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section, ++ struct bpf_elf_sec_data *data) ++{ ++ ctx->sec_data = section; ++ ctx->glo_data = data->sec_data; ++ ctx->sec_done[section] = true; ++ return 0; ++} ++ + static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx) + { + fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n", +@@ -2246,6 +2257,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx) + return ctx->sec_text; + } + ++static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx) ++{ ++ return ctx->sec_data; ++} ++ + static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) + { + struct bpf_elf_sec_data data; +@@ -2267,6 +2283,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec) + !strcmp(data.sec_name, ".text") && + check_text_sec) + ret = bpf_fetch_text(ctx, i, &data); ++ else if (data.sec_hdr.sh_type == SHT_PROGBITS && ++ !strcmp(data.sec_name, ".data")) ++ ret = bpf_fetch_data(ctx, i, &data); + else if (data.sec_hdr.sh_type == SHT_SYMTAB && + !strcmp(data.sec_name, ".symtab")) + ret = bpf_fetch_symtab(ctx, i, &data); +@@ -2380,6 +2399,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog + return 0; + } + ++static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, ++ GElf_Rel *relo, GElf_Sym *sym, ++ struct bpf_relo_props *props) ++{ ++ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn); ++ int *data; ++ ++ if (insn_off >= prog->insns_num) ++ return -EINVAL; ++ ++ data = ctx->glo_data->d_buf + sym->st_value; ++ prog->insns[insn_off].imm = *data; ++ return 0; ++} ++ + static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog, + GElf_Rel *relo, GElf_Sym *sym, + struct bpf_relo_props *props) +@@ -2434,10 +2468,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx, + + if (sym.st_shndx == ctx->sec_maps) + ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props); ++ else if (sym.st_shndx == ctx->sec_data) ++ ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props); + else if (sym.st_shndx == ctx->sec_text) + ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props); + else +- fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", ++ fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n", + relo_ent, sym.st_shndx); + if (ret < 0) + return ret; +@@ -2533,7 +2569,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section) + return ret; + } + +- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx)) ++ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx)) + ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog); + if (ret < 0 && !lderr) + ret = bpf_fetch_prog(ctx, section, &sseen); +-- +2.19.1 + diff --git a/iproute2.changes b/iproute2.changes index d02aa7b..687dd12 100644 --- a/iproute2.changes +++ b/iproute2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Mar 6 00:59:48 UTC 2019 - Joe Stringer + +- Pull in bpf global data section support patches + * Corresponds to changes here: + https://github.com/cilium/iproute2/tree/static-data + ------------------------------------------------------------------- Sat Jan 26 10:39:56 UTC 2019 - mkubecek@suse.cz diff --git a/iproute2.spec b/iproute2.spec index 5848344..cfa6a32 100644 --- a/iproute2.spec +++ b/iproute2.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -38,6 +38,8 @@ Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch Patch6: split-link-and-compile-steps-for-binaries.patch Patch7: examples-fix-bashisms-in-example-script.patch Patch102: Revert-emp-fix-warning-on-deprecated-bison-directive.patch +Patch201: bpf-data-section-support-poc.patch +Patch202: bpf-bss-section-poc.patch BuildRequires: bison BuildRequires: db-devel BuildRequires: fdupes @@ -84,7 +86,7 @@ bash command line completion support for iproute. %prep %setup -qn %name-%rversion -%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -p1 +%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -P 201 -P 202 -p1 %if 0%{?sles_version} == 11 %patch -P 102 -p1 %endif