TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a4858b00a1
twx-linux/include/uapi/linux
History
Kees Cook ef33f02968 bpf: Replace bpf_lpm_trie_key 0-length array with flexible array 
[ Upstream commit 896880ff30866f386ebed14ab81ce1ad3710cfc4 ]

Replace deprecated 0-length array in struct bpf_lpm_trie_key with
flexible array. Found with GCC 13:

../kernel/bpf/lpm_trie.c:207:51: warning: array subscript i is outside array bounds of 'const __u8[0]' {aka 'const unsigned char[]'} [-Warray-bounds=]
  207 |                                        *(__be16 *)&key->data[i]);
      |                                                   ^~~~~~~~~~~~~
../include/uapi/linux/swab.h:102:54: note: in definition of macro '__swab16'
  102 | #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
      |                                                      ^
../include/linux/byteorder/generic.h:97:21: note: in expansion of macro '__be16_to_cpu'
   97 | #define be16_to_cpu __be16_to_cpu
      |                     ^~~~~~~~~~~~~
../kernel/bpf/lpm_trie.c:206:28: note: in expansion of macro 'be16_to_cpu'
  206 |                 u16 diff = be16_to_cpu(*(__be16 *)&node->data[i]
^
      |                            ^~~~~~~~~~~
In file included from ../include/linux/bpf.h:7:
../include/uapi/linux/bpf.h:82:17: note: while referencing 'data'
   82 |         __u8    data[0];        /* Arbitrary size */
      |                 ^~~~

And found at run-time under CONFIG_FORTIFY_SOURCE:

  UBSAN: array-index-out-of-bounds in kernel/bpf/lpm_trie.c:218:49
  index 0 is out of range for type '__u8 [*]'

Changing struct bpf_lpm_trie_key is difficult since has been used by
userspace. For example, in Cilium:

	struct egress_gw_policy_key {
	        struct bpf_lpm_trie_key lpm_key;
	        __u32 saddr;
	        __u32 daddr;
	};

While direct references to the "data" member haven't been found, there
are static initializers what include the final member. For example,
the "{}" here:

        struct egress_gw_policy_key in_key = {
                .lpm_key = { 32 + 24, {} },
                .saddr   = CLIENT_IP,
                .daddr   = EXTERNAL_SVC_IP & 0Xffffff,
        };

To avoid the build time and run time warnings seen with a 0-sized
trailing array for struct bpf_lpm_trie_key, introduce a new struct
that correctly uses a flexible array for the trailing bytes,
struct bpf_lpm_trie_key_u8. As part of this, include the "header"
portion (which is just the "prefixlen" member), so it can be used
by anything building a bpf_lpr_trie_key that has trailing members that
aren't a u8 flexible array (like the self-test[1]), which is named
struct bpf_lpm_trie_key_hdr.

Unfortunately, C++ refuses to parse the __struct_group() helper, so
it is not possible to define struct bpf_lpm_trie_key_hdr directly in
struct bpf_lpm_trie_key_u8, so we must open-code the union directly.

Adjust the kernel code to use struct bpf_lpm_trie_key_u8 through-out,
and for the selftest to use struct bpf_lpm_trie_key_hdr. Add a comment
to the UAPI header directing folks to the two new options.

Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Closes: https://paste.debian.net/hidden/ca500597/
Link: https://lore.kernel.org/all/202206281009.4332AA33@keescook/ [1]
Link: https://lore.kernel.org/bpf/20240222155612.it.533-kees@kernel.org
Stable-dep-of: 59f2f841179a ("bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-08-19 06:04:27 +02:00
..
android
byteorder
caif
can
cifs
dvb
genwqe
hdlc
hsi
iio
isdn
misc
mmc
netfilter netfilter: nf_tables: rise cap on SELinux secmark context 2024-08-03 08:53:40 +02:00
netfilter_arp
netfilter_bridge netfilter: ebtables: replace zero-length array members 2023-08-22 15:13:20 +02:00
netfilter_ipv4
netfilter_ipv6
nfsd
raid
sched
spi
sunrpc
surface_aggregator
tc_act
tc_ematch
usb USB: Remove remnants of Wireless USB and UWB 2023-08-09 14:17:06 +02:00
a.out.h
acct.h
acrn.h
adb.h
adfs_fs.h
affs_hardblocks.h
agpgart.h
aio_abi.h
am437x-vpfe.h
amt.h
apm_bios.h
arcfb.h
arm_sdei.h
aspeed-lpc-ctrl.h
aspeed-p2a-ctrl.h
aspeed-video.h
atalk.h
atm_eni.h
atm_he.h
atm_idt77105.h
atm_nicstar.h
atm_tcp.h
atm_zatm.h
atm.h
atmapi.h
atmarp.h
atmbr2684.h
atmclip.h
atmdev.h
atmioc.h
atmlec.h
atmmpc.h
atmppp.h
atmsap.h
atmsvc.h
audit.h
auto_dev-ioctl.h
auto_fs4.h
auto_fs.h
auxvec.h
ax25.h
batadv_packet.h
batman_adv.h
baycom.h
bcm933xx_hcs.h
bfs_fs.h
binfmts.h
blkpg.h
blktrace_api.h
blkzoned.h
bpf_common.h
bpf_perf_event.h
bpf.h bpf: Replace bpf_lpm_trie_key 0-length array with flexible array 2024-08-19 06:04:27 +02:00
bpfilter.h
bpqether.h
bsg.h
bt-bmc.h
btf.h
btrfs_tree.h btrfs: remove v0 extent handling 2023-08-21 14:54:48 +02:00
btrfs.h btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args 2024-01-31 16:19:06 -08:00
cachefiles.h
can.h
capability.h
capi.h
cciss_defs.h
cciss_ioctl.h
ccs.h
cdrom.h
cec-funcs.h
cec.h
cfm_bridge.h
cgroupstats.h
chio.h
close_range.h
cn_proc.h connector: Fix invalid conversion in cn_proc.h 2024-07-11 12:49:20 +02:00
coda.h
coff.h
comedi.h
connector.h
const.h
coresight-stm.h
counter.h
cramfs_fs.h
cryptouser.h
cuda.h
cxl_mem.h
cyclades.h
cycx_cfm.h
dcbnl.h
dccp.h
devlink.h devlink: Expose port function commands to control IPsec packet offloads 2023-08-27 17:08:45 -07:00
dlm_device.h
dlm_plock.h
dlm.h
dlmconstants.h
dm-ioctl.h
dm-log-userspace.h
dma-buf.h
dma-heap.h
dns_resolver.h
dqblk_xfs.h
dw100.h
edd.h
efs_fs_sb.h
elf-em.h
elf-fdpic.h binfmt_elf_fdpic: support 64-bit systems 2023-08-23 14:17:42 -07:00
elf.h Merge patch "RISC-V: Add ptrace support for vectors" 2023-09-08 11:24:38 -07:00
errno.h
errqueue.h
erspan.h
ethtool_netlink.h
ethtool.h
eventfd.h
eventpoll.h
ext4.h
f2fs.h
fadvise.h
falloc.h
fanotify.h
fb.h
fcntl.h fs: Pass AT_GETATTR_NOSEC flag to getattr interface function 2023-12-03 07:33:03 +01:00
fd.h
fdreg.h
fib_rules.h
fiemap.h
filter.h
firewire-cdev.h
firewire-constants.h
fou.h
fpga-dfl.h
fs.h
fscrypt.h
fsi.h fsi: sbefifo: Add configurable in-command timeout 2023-08-09 15:43:27 +09:30
fsl_hypervisor.h
fsl_mc.h
fsmap.h
fsverity.h
fuse.h fuse: Rename DIRECT_IO_RELAX to DIRECT_IO_ALLOW_MMAP 2023-12-20 17:01:51 +01:00
futex.h
gameport.h
gen_stats.h
genetlink.h
gfs2_ondisk.h
gpio.h
gsmmux.h tty: n_gsm: add restart flag to extended ioctl config 2023-08-22 15:21:34 +02:00
gtp.h gtp: uapi: fix GTPA_MAX 2023-10-24 12:02:02 +02:00
handshake.h
hash_info.h
hdlc.h
hdlcdrv.h
hdreg.h
hid.h
hiddev.h
hidraw.h
hpet.h
hsr_netlink.h
hw_breakpoint.h
hyperv.h
i2c-dev.h
i2c.h
i2o-dev.h
i8k.h
icmp.h
icmpv6.h
idxd.h
if_addr.h
if_addrlabel.h
if_alg.h
if_arcnet.h
if_arp.h
if_bonding.h
if_bridge.h
if_cablemodem.h
if_eql.h
if_ether.h
if_fc.h
if_fddi.h
if_hippi.h
if_infiniband.h
if_link.h
if_ltalk.h
if_macsec.h
if_packet.h af_packet: Fix fortified memcpy() without flex array. 2023-10-12 09:15:15 +02:00
if_phonet.h
if_plip.h
if_ppp.h
if_pppol2tp.h
if_pppox.h
if_slip.h
if_team.h
if_tun.h
if_tunnel.h
if_vlan.h
if_x25.h
if_xdp.h
if.h
ife.h
igmp.h
ila.h
in6.h uapi: in6: replace temporary label with rfc9486 2024-03-06 14:48:35 +00:00
in_route.h
in.h
inet_diag.h
inotify.h
input-event-codes.h input: Add support for "Do Not Disturb" 2024-07-25 09:50:44 +02:00
input.h
io_uring.h io_uring: add option to remove SQ indirection 2023-08-24 17:16:19 -06:00
ioam6_genl.h
ioam6_iptunnel.h
ioam6.h
ioctl.h
iommu.h
iommufd.h iommu/vt-d: Implement hw_info for iommu capability query 2023-08-18 12:52:15 -03:00
ioprio.h block: uapi: Fix compilation errors using ioprio.h with C++ 2023-08-15 10:06:49 -06:00
ip6_tunnel.h
ip_vs.h
ip.h
ipc.h
ipmi_bmc.h
ipmi_msgdefs.h
ipmi_ssif_bmc.h
ipmi.h
ipsec.h
ipv6_route.h
ipv6.h
irqnr.h
iso_fs.h
isst_if.h
ivtv.h
ivtvfb.h
jffs2.h
joystick.h
kcm.h
kcmp.h
kcov.h
kd.h
kdev_t.h
kernel-page-flags.h
kernel.h
kernelcapi.h
kexec.h crash: hotplug support for kexec_load() 2023-08-24 16:25:14 -07:00
keyboard.h
keyctl.h
kfd_ioctl.h drm/amdkfd: range check cp bad op exception interrupts 2024-05-17 12:02:11 +02:00
kfd_sysfs.h
kvm_para.h
kvm.h
l2tp.h
landlock.h
libc-compat.h
limits.h
lirc.h
llc.h
loadpin.h
loop.h
lp.h
lwtunnel.h
magic.h
major.h
map_to_7segment.h
map_to_14segment.h
matroxfb.h
max2175.h
mctp.h
mdio.h
media-bus-format.h
media.h
mei_uuid.h
mei.h
membarrier.h
memfd.h
mempolicy.h
mii.h
minix_fs.h
mman.h
mmtimer.h
module.h
mount.h fs: add FSCONFIG_CMD_CREATE_EXCL 2023-08-14 18:48:02 +02:00
mpls_iptunnel.h
mpls.h
mptcp.h
mqueue.h
mroute6.h
mroute.h
mrp_bridge.h
msdos_fs.h
msg.h
mtio.h
nbd-netlink.h
nbd.h
ncsi.h
ndctl.h
neighbour.h
net_dropmon.h
net_namespace.h
net_tstamp.h
net.h
netconf.h
netdev.h
netdevice.h
netfilter_arp.h
netfilter_bridge.h
netfilter_ipv4.h
netfilter_ipv6.h
netfilter.h
netlink_diag.h
netlink.h
netrom.h
nexthop.h
nfc.h
nfs2.h
nfs3.h
nfs4_mount.h
nfs4.h
nfs_fs.h
nfs_idmap.h
nfs_mount.h
nfs.h
nfsacl.h
nilfs2_api.h
nilfs2_ondisk.h
nitro_enclaves.h
nl80211-vnd-intel.h
nl80211.h
nsfs.h
nubus.h
nvme_ioctl.h
nvram.h
omap3isp.h
omapfb.h
oom.h
openat2.h
openvswitch.h net: openvswitch: add explicit drop action 2023-08-14 08:01:06 +01:00
packet_diag.h
param.h
parport.h
patchkey.h
pci_regs.h PCI/DPC: Use FIELD_GET() 2024-04-27 17:11:36 +02:00
pci.h
pcitest.h
perf_event.h
personality.h
pfkeyv2.h
pfrut.h
pg.h
phantom.h
phonet.h
pidfd.h
pkt_cls.h
pkt_sched.h netem: add prng attribute to netem_sched_data 2023-08-17 19:15:05 -07:00
pktcdvd.h
pmu.h
poll.h
posix_acl_xattr.h
posix_acl.h
posix_types.h
ppdev.h
ppp_defs.h
ppp-comp.h
ppp-ioctl.h
pps.h
pr.h
prctl.h mm: add a NO_INHERIT flag to the PR_SET_MDWE prctl 2023-12-03 07:33:06 +01:00
psample.h
psci.h
psp-dbc.h
psp-sev.h
ptp_clock.h
ptrace.h
qemu_fw_cfg.h
qnx4_fs.h
qnxtypes.h
qrtr.h
quota.h shmem: prepare shmem quota infrastructure 2023-08-09 09:15:39 +02:00
radeonfb.h
random.h
rds.h
reboot.h
reiserfs_fs.h
reiserfs_xattr.h
remoteproc_cdev.h
resource.h
rfkill.h
rio_cm_cdev.h
rio_mport_cdev.h
rkisp1-config.h
romfs_fs.h
rose.h
route.h
rpl_iptunnel.h
rpl.h
rpmsg_types.h
rpmsg.h
rseq.h
rtc.h
rtnetlink.h
rxrpc.h
scc.h
sched.h
scif_ioctl.h
screen_info.h
sctp.h
seccomp.h
securebits.h
sed-opal.h block: sed-opal: keyring support for SED keys 2023-08-22 11:10:26 -06:00
seg6_genl.h
seg6_hmac.h
seg6_iptunnel.h
seg6_local.h
seg6.h
selinux_netlink.h
sem.h
serial_core.h serial: 8250_bcm7271: improve bcm7271 8250 port 2023-08-22 15:30:59 +02:00
serial_reg.h
serial.h
serio.h
sev-guest.h
shm.h
signal.h
signalfd.h
smc_diag.h
smc.h net/smc: Extend SMCR v2 linkgroup netlink attribute 2023-08-19 12:46:53 +01:00
smiapp.h
snmp.h net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams. 2024-04-03 15:28:39 +02:00
sock_diag.h
socket.h
sockios.h
sonet.h
sonypi.h
sound.h
soundcard.h
stat.h
stddef.h uapi: propagate __struct_group() attributes to the container union 2023-12-08 08:52:22 +01:00
stm.h
string.h
suspend_ioctls.h
swab.h
switchtec_ioctl.h
sync_file.h
synclink.h
sysctl.h
sysinfo.h
target_core_user.h
taskstats.h
tcp_metrics.h
tcp.h
tdx-guest.h
tee.h
termios.h
thermal.h
time_types.h
time.h
timerfd.h
times.h
timex.h
tiocl.h
tipc_config.h
tipc_netlink.h
tipc_sockets_diag.h
tipc.h
tls.h
toshiba.h
tps6594_pfsm.h
tty_flags.h
tty.h
types.h
ublk_cmd.h ublk: zoned: support REQ_OP_ZONE_RESET_ALL 2023-08-20 20:24:34 -06:00
udf_fs_i.h
udmabuf.h
udp.h
uhid.h
uinput.h
uio.h
uleds.h
ultrasound.h
um_timetravel.h
un.h
unistd.h
unix_diag.h
usbdevice_fs.h
usbip.h
user_events.h tracing/user_events: Allow events to persist for perfmon_capable users 2024-06-12 11:12:11 +02:00
userfaultfd.h mm: userfaultfd: document and enable new UFFDIO_POISON feature 2023-08-18 10:12:17 -07:00
userio.h
utime.h
utsname.h
uuid.h
uvcvideo.h
v4l2-common.h
v4l2-controls.h
v4l2-dv-timings.h
v4l2-mediabus.h
v4l2-subdev.h media: v4l2-subdev: Fix a 64bit bug 2023-12-08 08:52:21 +01:00
vbox_err.h
vbox_vmmdev_types.h
vboxguest.h
vdpa.h
vduse.h
veth.h
vfio_ccw.h
vfio_zdev.h
vfio.h iommufd for 6.6 2023-08-30 20:41:37 -07:00
vhost_types.h vdpa: add VHOST_BACKEND_F_ENABLE_AFTER_DRIVER_OK flag 2023-09-03 18:10:22 -04:00
vhost.h
videodev2.h media: mediatek: vcodec: Add capture format to support 10bit raster mode 2023-08-10 07:58:34 +02:00
virtio_9p.h
virtio_balloon.h
virtio_blk.h
virtio_bt.h Bluetooth: HCI: Remove HCI_AMP support 2024-06-12 11:11:55 +02:00
virtio_config.h
virtio_console.h
virtio_crypto.h
virtio_fs.h
virtio_gpio.h
virtio_gpu.h
virtio_i2c.h
virtio_ids.h
virtio_input.h
virtio_iommu.h
virtio_mem.h
virtio_mmio.h
virtio_net.h
virtio_pci.h
virtio_pcidev.h
virtio_pmem.h
virtio_ring.h
virtio_rng.h
virtio_scmi.h
virtio_scsi.h
virtio_snd.h
virtio_types.h
virtio_vsock.h
vm_sockets_diag.h
vm_sockets.h vsock: read from socket's error queue 2023-11-28 17:19:38 +00:00
vmcore.h
vsockmon.h
vt.h
vtpm_proxy.h
wait.h
watch_queue.h
watchdog.h
wireguard.h
wireless.h
wmi.h
wwan.h
x25.h
xattr.h
xdp_diag.h
xfrm.h
xilinx-v4l2-controls.h
zorro_ids.h m68k: amiga: Turn off Warp1260 interrupts during boot 2024-08-03 08:54:17 +02:00
zorro.h