hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB2AQ3 CVE: CVE-2023-52920
--------------------------------
Fix kabi breakage in struct bpf_verifier_state and bpf_verifier_env.
Fixes: f6c4972ba798 ("bpf: support non-r10 register spill/fill to/from stack in precision tracking") Signed-off-by: Pu Lehui pulehui@huawei.com --- include/linux/bpf_verifier.h | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 6cbc3f6834b3..1447d41474f5 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -341,6 +341,12 @@ struct bpf_func_state {
 KABI_RESERVE(4)
 };
+KABI_BROKEN_REMOVE(
+struct bpf_idx_pair {
+ u32 prev_idx;
+ u32 idx;
+})
+
 #define MAX_CALL_FRAMES 8
/* instruction history flags, used in bpf_jmp_history_entry.flags field */
@@ -451,7 +457,8 @@ struct bpf_verifier_state {
 * For most states jmp_history_cnt is [0-3].
 * For loops can go up to ~40.
 */
- struct bpf_jmp_history_entry *jmp_history;
+ KABI_REPLACE(struct bpf_idx_pair *jmp_history,
+ struct bpf_jmp_history_entry *jmp_history)
 u32 jmp_history_cnt;
 u32 dfs_depth;
 u32 callback_unroll_depth;
@@ -699,7 +706,6 @@ struct bpf_verifier_env {
 int cur_stack;
 } cfg;
 struct backtrack_state bt;
- struct bpf_jmp_history_entry *cur_hist_ent;
 u32 pass_cnt; /* number of times do_check() was called */
 u32 subprog_cnt;
 /* number of instructions analyzed by the verifier */
@@ -733,7 +739,7 @@ struct bpf_verifier_env {
 */
 char tmp_str_buf[TMP_STR_BUF_LEN];
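Review bot: The `KABI_REPLACE` on `jmp_history` in `struct bpf_verifier_state` keeps the pointer slot stable, but the pointee type changes from `struct bpf_idx_pair` to `struct bpf_jmp_history_entry` and nothing in the header records that. The definition of `bpf_jmp_history_entry` is outside these hunks; if its field order or widths differ from `prev_idx`/`idx` in the retained `bpf_idx_pair`, a module built against the old header that dereferences `jmp_history` would misread entries, most likely without any symbol-version mismatch at load time. I would add a comment above the macro, for example `/* kABI: pointee changed from bpf_idx_pair; entry layouts are not interchangeable, in-tree verifier use only */`. The `KABI_BROKEN_REMOVE` block in the first hunk deserves a matching line saying that `bpf_idx_pair` is presumably kept only for the checksum and has no remaining users. Both structs start and end outside the hunks.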
- KABI_RESERVE(1)
+ KABI_USE(1, struct bpf_jmp_history_entry *cur_hist_ent)
 KABI_RESERVE(2)
 KABI_RESERVE(3)
 KABI_RESERVE(4)
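Review bot: `cur_hist_ent` now sits in reserved slot 1 at the tail of `struct bpf_verifier_env`, away from `struct backtrack_state bt` where the previous hunk deletes it, and the new line has no comment explaining the placement. A short comment above it would save the next backporter from moving it back, e.g. `/* kABI: cur_hist_ent lives in reserved slot 1 so bpf_verifier_env member offsets stay unchanged */`. The `KABI_USE` and `KABI_RESERVE` definitions are not visible here, so it is worth confirming that the slot is at least pointer-sized on every supported architecture. The struct starts outside the hunk.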