Accepting request 682651 from home:joestringer:branches:security:netfilter
- Pull in bpf global data section support patches * Corresponds to changes here: https://github.com/cilium/iproute2/tree/static-data OBS-URL: https://build.opensuse.org/request/show/682651 OBS-URL: https://build.opensuse.org/package/show/security:netfilter/iproute2?expand=0&rev=170
This commit is contained in:
parent
3c15018b58
commit
ad65262e8b
113
bpf-bss-section-poc.patch
Normal file
113
bpf-bss-section-poc.patch
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
From 8f256b14edf9fdba3e0c688b76a4124d8627cde1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Joe Stringer <joe@wand.net.nz>
|
||||||
|
Date: Thu, 24 Jan 2019 20:55:39 -0800
|
||||||
|
Subject: [PATCH iproute2-next 2/2] bpf: bss section poc
|
||||||
|
To: Stephen Hemminger <stephen@networkplumber.org>
|
||||||
|
Cc: netdev@vger.kernel.org, daniel@iogearbox.net
|
||||||
|
|
||||||
|
The .bss section denotes uninitialized data, which is for instance what
|
||||||
|
clang will generate if a static variable is set to zero by default.
|
||||||
|
Teach the bpf library about .bss so that such variables can be properly
|
||||||
|
initialized.
|
||||||
|
|
||||||
|
Signed-off-by: Joe Stringer <joe@wand.net.nz>
|
||||||
|
---
|
||||||
|
lib/bpf.c | 37 +++++++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 35 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/bpf.c b/lib/bpf.c
|
||||||
|
index eb208275ebaa..69eaa5ee732d 100644
|
||||||
|
--- a/lib/bpf.c
|
||||||
|
+++ b/lib/bpf.c
|
||||||
|
@@ -1159,6 +1159,7 @@ struct bpf_elf_ctx {
|
||||||
|
int sec_text;
|
||||||
|
int sec_btf;
|
||||||
|
int sec_data;
|
||||||
|
+ int sec_bss;
|
||||||
|
char license[ELF_MAX_LICENSE_LEN];
|
||||||
|
enum bpf_prog_type type;
|
||||||
|
__u32 ifindex;
|
||||||
|
@@ -2048,6 +2049,14 @@ static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int bpf_fetch_bss(struct bpf_elf_ctx *ctx, int section,
|
||||||
|
+ struct bpf_elf_sec_data *data)
|
||||||
|
+{
|
||||||
|
+ ctx->sec_bss = section;
|
||||||
|
+ ctx->sec_done[section] = true;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
|
||||||
|
@@ -2262,6 +2271,11 @@ static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
|
||||||
|
return ctx->sec_data;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool bpf_has_bss_data(const struct bpf_elf_ctx *ctx)
|
||||||
|
+{
|
||||||
|
+ return ctx->sec_bss;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||||
|
{
|
||||||
|
struct bpf_elf_sec_data data;
|
||||||
|
@@ -2286,6 +2300,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||||
|
else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
|
||||||
|
!strcmp(data.sec_name, ".data"))
|
||||||
|
ret = bpf_fetch_data(ctx, i, &data);
|
||||||
|
+ else if (data.sec_hdr.sh_type == SHT_NOBITS &&
|
||||||
|
+ !strcmp(data.sec_name, ".bss"))
|
||||||
|
+ ret = bpf_fetch_bss(ctx, i, &data);
|
||||||
|
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
|
||||||
|
!strcmp(data.sec_name, ".symtab"))
|
||||||
|
ret = bpf_fetch_symtab(ctx, i, &data);
|
||||||
|
@@ -2414,6 +2431,19 @@ static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *pro
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int bpf_apply_relo_bss(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||||
|
+ GElf_Rel *relo, GElf_Sym *sym,
|
||||||
|
+ struct bpf_relo_props *props)
|
||||||
|
+{
|
||||||
|
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
|
||||||
|
+
|
||||||
|
+ if (insn_off >= prog->insns_num)
|
||||||
|
+ return -EINVAL;
|
||||||
|
+
|
||||||
|
+ prog->insns[insn_off].imm = 0;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||||
|
GElf_Rel *relo, GElf_Sym *sym,
|
||||||
|
struct bpf_relo_props *props)
|
||||||
|
@@ -2470,10 +2500,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
|
||||||
|
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
|
||||||
|
else if (sym.st_shndx == ctx->sec_data)
|
||||||
|
ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
|
||||||
|
+ else if (sym.st_shndx == ctx->sec_bss)
|
||||||
|
+ ret = bpf_apply_relo_bss(ctx, prog, &relo, &sym, props);
|
||||||
|
else if (sym.st_shndx == ctx->sec_text)
|
||||||
|
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
|
||||||
|
else
|
||||||
|
- fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||||
|
+ fprintf(stderr, "ELF contains non-{bss,call,data,map} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||||
|
relo_ent, sym.st_shndx);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
@@ -2569,7 +2601,8 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
|
||||||
|
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) ||
|
||||||
|
+ bpf_has_glob_data(ctx) || bpf_has_bss_data(ctx))
|
||||||
|
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
|
||||||
|
if (ret < 0 && !lderr)
|
||||||
|
ret = bpf_fetch_prog(ctx, section, &sseen);
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
118
bpf-data-section-support-poc.patch
Normal file
118
bpf-data-section-support-poc.patch
Normal file
@ -0,0 +1,118 @@
|
|||||||
|
From 4e0dcb220bd77a5ddf0f8956740281efbf1ead90 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Borkmann <daniel@iogearbox.net>
|
||||||
|
Date: Wed, 31 Oct 2018 20:25:22 +0100
|
||||||
|
Subject: [PATCH iproute2-next 1/2] bpf: data section support poc
|
||||||
|
To: Stephen Hemminger <stephen@networkplumber.org>
|
||||||
|
Cc: netdev@vger.kernel.org, daniel@iogearbox.net
|
||||||
|
|
||||||
|
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
||||||
|
---
|
||||||
|
lib/bpf.c | 40 ++++++++++++++++++++++++++++++++++++++--
|
||||||
|
1 file changed, 38 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/bpf.c b/lib/bpf.c
|
||||||
|
index 45f279fa4a41..eb208275ebaa 100644
|
||||||
|
--- a/lib/bpf.c
|
||||||
|
+++ b/lib/bpf.c
|
||||||
|
@@ -1142,6 +1142,7 @@ struct bpf_elf_ctx {
|
||||||
|
Elf_Data *sym_tab;
|
||||||
|
Elf_Data *str_tab;
|
||||||
|
Elf_Data *btf_data;
|
||||||
|
+ Elf_Data *glo_data;
|
||||||
|
char obj_uid[64];
|
||||||
|
int obj_fd;
|
||||||
|
int btf_fd;
|
||||||
|
@@ -1157,6 +1158,7 @@ struct bpf_elf_ctx {
|
||||||
|
int sec_maps;
|
||||||
|
int sec_text;
|
||||||
|
int sec_btf;
|
||||||
|
+ int sec_data;
|
||||||
|
char license[ELF_MAX_LICENSE_LEN];
|
||||||
|
enum bpf_prog_type type;
|
||||||
|
__u32 ifindex;
|
||||||
|
@@ -2037,6 +2039,15 @@ static int bpf_fetch_text(struct bpf_elf_ctx *ctx, int section,
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int bpf_fetch_data(struct bpf_elf_ctx *ctx, int section,
|
||||||
|
+ struct bpf_elf_sec_data *data)
|
||||||
|
+{
|
||||||
|
+ ctx->sec_data = section;
|
||||||
|
+ ctx->glo_data = data->sec_data;
|
||||||
|
+ ctx->sec_done[section] = true;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void bpf_btf_report(int fd, struct bpf_elf_ctx *ctx)
|
||||||
|
{
|
||||||
|
fprintf(stderr, "\nBTF debug data section \'.BTF\' %s%s (%d)!\n",
|
||||||
|
@@ -2246,6 +2257,11 @@ static bool bpf_has_call_data(const struct bpf_elf_ctx *ctx)
|
||||||
|
return ctx->sec_text;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static bool bpf_has_glob_data(const struct bpf_elf_ctx *ctx)
|
||||||
|
+{
|
||||||
|
+ return ctx->sec_data;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||||
|
{
|
||||||
|
struct bpf_elf_sec_data data;
|
||||||
|
@@ -2267,6 +2283,9 @@ static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx, bool check_text_sec)
|
||||||
|
!strcmp(data.sec_name, ".text") &&
|
||||||
|
check_text_sec)
|
||||||
|
ret = bpf_fetch_text(ctx, i, &data);
|
||||||
|
+ else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
|
||||||
|
+ !strcmp(data.sec_name, ".data"))
|
||||||
|
+ ret = bpf_fetch_data(ctx, i, &data);
|
||||||
|
else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
|
||||||
|
!strcmp(data.sec_name, ".symtab"))
|
||||||
|
ret = bpf_fetch_symtab(ctx, i, &data);
|
||||||
|
@@ -2380,6 +2399,21 @@ static int bpf_apply_relo_map(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int bpf_apply_relo_glob(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||||
|
+ GElf_Rel *relo, GElf_Sym *sym,
|
||||||
|
+ struct bpf_relo_props *props)
|
||||||
|
+{
|
||||||
|
+ unsigned int insn_off = relo->r_offset / sizeof(struct bpf_insn);
|
||||||
|
+ int *data;
|
||||||
|
+
|
||||||
|
+ if (insn_off >= prog->insns_num)
|
||||||
|
+ return -EINVAL;
|
||||||
|
+
|
||||||
|
+ data = ctx->glo_data->d_buf + sym->st_value;
|
||||||
|
+ prog->insns[insn_off].imm = *data;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static int bpf_apply_relo_call(struct bpf_elf_ctx *ctx, struct bpf_elf_prog *prog,
|
||||||
|
GElf_Rel *relo, GElf_Sym *sym,
|
||||||
|
struct bpf_relo_props *props)
|
||||||
|
@@ -2434,10 +2468,12 @@ static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
|
||||||
|
|
||||||
|
if (sym.st_shndx == ctx->sec_maps)
|
||||||
|
ret = bpf_apply_relo_map(ctx, prog, &relo, &sym, props);
|
||||||
|
+ else if (sym.st_shndx == ctx->sec_data)
|
||||||
|
+ ret = bpf_apply_relo_glob(ctx, prog, &relo, &sym, props);
|
||||||
|
else if (sym.st_shndx == ctx->sec_text)
|
||||||
|
ret = bpf_apply_relo_call(ctx, prog, &relo, &sym, props);
|
||||||
|
else
|
||||||
|
- fprintf(stderr, "ELF contains non-{map,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||||
|
+ fprintf(stderr, "ELF contains non-{map,data,call} related relo data in entry %u pointing to section %u! Compiler bug?!\n",
|
||||||
|
relo_ent, sym.st_shndx);
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
@@ -2533,7 +2569,7 @@ static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx))
|
||||||
|
+ if (bpf_has_map_data(ctx) || bpf_has_call_data(ctx) || bpf_has_glob_data(ctx))
|
||||||
|
ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen, &prog);
|
||||||
|
if (ret < 0 && !lderr)
|
||||||
|
ret = bpf_fetch_prog(ctx, section, &sseen);
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 6 00:59:48 UTC 2019 - Joe Stringer <joe@cilium.io>
|
||||||
|
|
||||||
|
- Pull in bpf global data section support patches
|
||||||
|
* Corresponds to changes here:
|
||||||
|
https://github.com/cilium/iproute2/tree/static-data
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Jan 26 10:39:56 UTC 2019 - mkubecek@suse.cz
|
Sat Jan 26 10:39:56 UTC 2019 - mkubecek@suse.cz
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
# published by the Open Source Initiative.
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
@ -38,6 +38,8 @@ Patch4: xfrm-support-displaying-transformations-used-for-Mob.patch
|
|||||||
Patch6: split-link-and-compile-steps-for-binaries.patch
|
Patch6: split-link-and-compile-steps-for-binaries.patch
|
||||||
Patch7: examples-fix-bashisms-in-example-script.patch
|
Patch7: examples-fix-bashisms-in-example-script.patch
|
||||||
Patch102: Revert-emp-fix-warning-on-deprecated-bison-directive.patch
|
Patch102: Revert-emp-fix-warning-on-deprecated-bison-directive.patch
|
||||||
|
Patch201: bpf-data-section-support-poc.patch
|
||||||
|
Patch202: bpf-bss-section-poc.patch
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: db-devel
|
BuildRequires: db-devel
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
@ -84,7 +86,7 @@ bash command line completion support for iproute.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -qn %name-%rversion
|
%setup -qn %name-%rversion
|
||||||
%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -p1
|
%patch -P 1 -P 2 -P 3 -P 4 -P 6 -P 7 -P 201 -P 202 -p1
|
||||||
%if 0%{?sles_version} == 11
|
%if 0%{?sles_version} == 11
|
||||||
%patch -P 102 -p1
|
%patch -P 102 -p1
|
||||||
%endif
|
%endif
|
||||||
|
Loading…
Reference in New Issue
Block a user