JIRA: https://issues.redhat.com/browse/RHEL-107194
commit b1992c3772e69a6fd0e3fc81cd4d2820c8b6eca0
Author: Masahiro Yamada <masahiroy@kernel.org>
Date: Sat Apr 27 23:55:02 2024 +0900
kbuild: use $(src) instead of $(srctree)/$(src) for source directory
Kbuild conventionally uses $(obj)/ for generated files, and $(src)/ for
checked-in source files. It is merely a convention without any functional
difference. In fact, $(obj) and $(src) are exactly the same, as defined
in scripts/Makefile.build:
src := $(obj)
When the kernel is built in a separate output directory, $(src) does
not accurately reflect the source directory location. While Kbuild
resolves this discrepancy by specifying VPATH=$(srctree) to search for
source files, it does not cover all cases. For example, when adding a
header search path for local headers, -I$(srctree)/$(src) is typically
passed to the compiler.
This introduces inconsistency between upstream and downstream Makefiles
because $(src) is used instead of $(srctree)/$(src) for the latter.
To address this inconsistency, this commit changes the semantics of
$(src) so that it always points to the directory in the source tree.
Going forward, the variables used in Makefiles will have the following
meanings:
$(obj) - directory in the object tree
$(src) - directory in the source tree (changed by this commit)
$(objtree) - the top of the kernel object tree
$(srctree) - the top of the kernel source tree
Consequently, $(srctree)/$(src) in upstream Makefiles need to be replaced
with $(src).
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
Conflicts:
There is a extensive list of fixes/conflicts due the amount of files originally
changed by this commit, plus the difference of rhel-9 code against upstream. All
conflicts/differences are listed below:
- Context difference at Documentation/Makefile since RHEL 9 does not have the
change "docs: allow to pass extra DOCS_CSS themes via make" and later changes.
- Conflict at Documentation/devicetree/bindings/Makefile, patch find_cmd instead
of find_all_cmd since RHEL-9 doesn't have "dt-bindings: Consider
DT_SCHEMA_FILES when finding all json-schema", "dt-bindings: kbuild: Split
targets out to separate rules" and later changes.
- Conflict at Documentation/kbuild/makefiles.rst due different identation since
RHEL-9 doesn't have the change "docs/kbuild/makefiles: clean up indentation
and whitespace"
- Patched additional $(srctree)/$(src) references at:
* arch/arm/mach-davinci/Makefile
* arch/arm/mach-omap2/Makefile
* arch/arm/mach-spear/Makefile
* arch/arm/plat-pxa/Makefile
* arch/arm/plat-versatile/Makefile
* arch/ia64/kernel/Makefile
* arch/nds32/boot/Makefile
* arch/nds32/kernel/vdso/Makefile
* drivers/net/ethernet/hisilicon/hns3/hns3pf/Makefile
* drivers/net/ethernet/hisilicon/hns3/hns3vf/Makefile
* drivers/staging/rtl8188eu/Makefile
* drivers/staging/unisys/visorhba/Makefile
* drivers/staging/unisys/visornic/Makefile
* scripts/gcc-plugins/Makefile
Since RHEL-9 does not have later upstream changes that dropped/made those
references uneeded.
- Conflict at arch/arm/mach-s3c/Makefile since RHEL-9 doesn't have
"ARM: s3c: remove s3c24xx specific hacks" and related changes. Also,
extra locations needed patching because of not having the changes
"ARM: s3c: remove all s3c24xx support" and "ARM: s3c: fix include path".
Due lacking the last change also arch/arm/mach-s3c/Makefile.s3c64xx needs
additional two places patched as well.
- Conflict at arch/arm/plat-orion/Makefile since RHEL-9 doesn't have
the commit "ARM: orion: fix include path" and its previous related
changes.
- Dropped changes for arch/loongarch since it doesn't exist on rhel-9
- Dropped changes to arch/parisc/kernel/{vdso32,vdso64}/Makefile since RHEL 9
does not have the change "parisc: Add vDSO support" and later updates to it.
- Dropped change to arch/riscv/kernel/compat_vdso/Makefile since RHEL 9 does
not have the change "riscv: compat: vdso: Add COMPAT_VDSO base code implementation"
- Dropped change to arch/riscv/kvm/Makefile since there is no KVM support/commits
in RHEL 9 for riscv.
- Apply change for arch/riscv/kernel/vdso/Makefile in a different place since
RHEL-9 does not have the change "riscv: explicitly use symbol offsets for VDSO"
which changed the location of the $(srctree)/$(src) reference
- Dropped change to certs/Makefile related to check-blacklist-hashes.awk since
that script was only added with commit "certs: Check that builtin blacklist
hashes are valid" which is not backported/available in RHEL 9 code right now.
- Dropped change to drivers/md/dm-vdo/Makefile since dm-vdo was never backported
to RHEL-9 main.
- Dropped change to drivers/net/ethernet/fungible/funeth/Makefile since fungible
ethernet driver/devices code is not available/backported to RHEL-9.
- Fixed conflict at drivers/net/ethernet/hisilicon/hns3/Makefile since RHEL-9
does not have the change "net: hns3: refactor hns3 makefile to support
hns3_common module"
- Fixed conflict at drivers/net/wireless/intel/iwlwifi/mvm/Makefile due already
backported commit "wifi: iwlwifi: mvm: implement link grading"
- Dropped change to init/Makefile since we are not backporting
"kbuild: build init/built-in.a just once" that introduced the section patched.
- Dropped change to rust/Makefile since there is no rust support backported
to RHEL-9.
- Fixed conflict at scripts/dtc/Makefile since RHEL-9 does not have the change
"dt-bindings: kbuild: Use DTB files for validation"
- Dropped change to security/tomoyo/Makefile since it's not needed, it's just
reverting the change "tomoyo: fix broken dependency on *.conf.default" which
was never applied to RHEL-9. However, we also bring a different change/patch
location since RHEL-9 does not have the change "tomoyo: Omit use of bin2c".
- Dropped change to usr/include/Makefile since "kbuild: move headers_check.pl to
usr/include/" is not being backported to RHEL-9.
- Misc/minor context differences at other places.
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-94688
The sandboxer can receive the character "a" as input from the
environment variable LL_SCOPE to restrict sandboxed processes from
connecting to an abstract UNIX socket created by a process outside of
the sandbox.
Example
=======
Create an abstract UNIX socket to listen with socat(1):
socat abstract-listen:mysocket -
Create a sandboxed shell and pass the character "a" to LL_SCOPED:
LL_FS_RO=/ LL_FS_RW=. LL_SCOPED="a" ./sandboxer /bin/bash
Note that any other form of input (e.g. "a:a", "aa", etc) is not
acceptable.
If the sandboxed process tries to connect to the listening socket, the
connection will fail:
socat - abstract-connect:mysocket
Signed-off-by: Tahera Fahimi <fahimitahera@gmail.com>
Link: https://lore.kernel.org/r/d8af908f00b77415caa3eb0f4de631c3794e4909.1725494372.git.fahimitahera@gmail.com
[mic: Improve commit message, simplify check_ruleset_scope() with
inverted error code and only one scoped change, always unset environment
variable]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 369b48b43a09f995876bb2e88d78845eb2a80212)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-85303
Commit b35108a51cf7 ("jiffies: Define secs_to_jiffies()") introduced
secs_to_jiffies(). As the value here is a multiple of 1000, use
secs_to_jiffies() instead of msecs_to_jiffies to avoid the multiplication.
This is converted using scripts/coccinelle/misc/secs_to_jiffies.cocci with
the following Coccinelle rules:
@@ constant C; @@
- msecs_to_jiffies(C * 1000)
+ secs_to_jiffies(C)
@@ constant C; @@
- msecs_to_jiffies(C * MSEC_PER_SEC)
+ secs_to_jiffies(C)
Link: https://lkml.kernel.org/r/20241210-converge-secs-to-jiffies-v3-18-ddfefd7e9f2a@linux.microsoft.com
Signed-off-by: Easwar Hariharan <eahariha@linux.microsoft.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Alexander Gordeev <agordeev@linux.ibm.com>
Cc: Andrew Lunn <andrew+netdev@lunn.ch>
Cc: Anna-Maria Behnsen <anna-maria@linutronix.de>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Christian Borntraeger <borntraeger@linux.ibm.com>
Cc: Daniel Mack <daniel@zonque.org>
Cc: David Airlie <airlied@gmail.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Dick Kennedy <dick.kennedy@broadcom.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Florian Fainelli <florian.fainelli@broadcom.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Haojian Zhuang <haojian.zhuang@gmail.com>
Cc: Heiko Carstens <hca@linux.ibm.com>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: Jack Wang <jinpu.wang@cloud.ionos.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: James Smart <james.smart@broadcom.com>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Jeff Johnson <jjohnson@kernel.org>
Cc: Jeff Johnson <quic_jjohnson@quicinc.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Jeroen de Borst <jeroendb@google.com>
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Johan Hedberg <johan.hedberg@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@kernel.org>
Cc: Jozsef Kadlecsik <kadlec@netfilter.org>
Cc: Julia Lawall <julia.lawall@inria.fr>
Cc: Kalle Valo <kvalo@kernel.org>
Cc: Louis Peens <louis.peens@corigine.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: Luiz Augusto von Dentz <luiz.dentz@gmail.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Madhavan Srinivasan <maddy@linux.ibm.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Miroslav Benes <mbenes@suse.cz>
Cc: Naveen N Rao <naveen@kernel.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Nicolas Palix <nicolas.palix@imag.fr>
Cc: Oded Gabbay <ogabbay@kernel.org>
Cc: Ofir Bitton <obitton@habana.ai>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Praveen Kaligineedi <pkaligineedi@google.com>
Cc: Ray Jui <rjui@broadcom.com>
Cc: Robert Jarzmik <robert.jarzmik@free.fr>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Roger Pau Monné <roger.pau@citrix.com>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Scott Branden <sbranden@broadcom.com>
Cc: Shailend Chand <shailend@google.com>
Cc: Simona Vetter <simona@ffwll.ch>
Cc: Simon Horman <horms@kernel.org>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Cc: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
(cherry picked from commit 6d072c0ba332e2ecdf30c4b0a9de475fa778a8fb)
Signed-off-by: Denis Aleksandrov <daleksan@redhat.com>
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5490
JIRA: https://issues.redhat.com/browse/RHEL-8810
Depends on: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/3454
Landlock allows unprivileged user processes to build security sandboxes. It is used by various user-space programs so it's beneficial to enable it also for RHEL users. This backport moves landlock in line with Linux v6.10-rc1, as further improvements will require more extensive backports to the Linux filesystem.
Requested by Mickaël Salaün <mic@digikod.net> during LPC this year.
Omitted-fix: 39ba2b9ac6fd ("ubifs: add support for FS_IOC_GETFSSYSFSPATH")
Omitted-fix: 9e3f1c593675 ("selftests/move_mount_set_group:Make tests build with old libc")
Omitted-fix: 4cfa8a873d3e ("tools/include: Sync uapi/linux/fs.h with the kernel sources")
Omitted-fix: 54a6e6bbf3be ("landlock: Add signal scoping")
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
Approved-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Approved-by: Ondrej Mosnáček <omosnacek@gmail.com>
Approved-by: Wander Lairson Costa <wander@redhat.com>
Approved-by: Ricardo Robaina <rrobaina@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Patrick Talbert <ptalbert@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Add IOCTL support to the Landlock sample tool.
The IOCTL right is grouped with the read-write rights in the sample
tool, as some IOCTL requests provide features that mutate state.
Signed-off-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240419161122.2023765-9-gnoack@google.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit cd13738d44c9863ce54243fdcc2d228233f23355)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
If you want to specify that no port can be bind()ed, you would think
(looking quickly at both help message and code) that setting
LL_TCP_BIND="" would do it.
However the code splits on ":" then applies atoi(), which does not allow
checking for errors. Passing an empty string returns 0, which is
interpreted as "allow bind(0)", which means bind to any ephemeral port.
This bug occurs whenever passing an empty string or when leaving a
trailing/leading colon, making it impossible to completely deny bind().
To reproduce:
export LL_FS_RO="/" LL_FS_RW="" LL_TCP_BIND=""
./sandboxer strace -e bind nc -n -vvv -l -p 0
Executing the sandboxed command...
bind(3, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("0.0.0.0")}, 16) = 0
Listening on 0.0.0.0 37629
Use strtoull(3) instead, which allows error checking. Check that the
entire string has been parsed correctly without overflows/underflows,
but not that the __u64 (the type of struct landlock_net_port_attr.port)
is a valid __u16 port: that is already done by the kernel.
Fixes: 5e990dcef12e ("samples/landlock: Support TCP restrictions")
Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Link: https://lore.kernel.org/r/20241019151534.1400605-2-matthieu@buffet.re
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 387285530d1d4bdba8c5dff5aeabd8d71638173f)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Pointer env_port_name changes after strsep(). Memory allocated via
strdup() will not be freed if landlock_add_rule() returns non-zero value.
Fixes: 5e990dcef12e ("samples/landlock: Support TCP restrictions")
Signed-off-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20240326095625.3576164-1-ivanov.mikhail1@huawei-partners.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 42212936d9d811c7cf6efc4804747a6c417aafd4)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Instead of creating a hard error and aborting the sandbox creation,
accept file path not usable in the LL_FS_RO and LL_FS_RW environment
variables but only print a warning. This makes it easier to test, for
instance with LL_FS_RO="${PATH}:/usr/lib:/lib"
Print that we are going to execute the command in the sandbox before
doing so.
Rename "launch" to "execute", and improve header description.
Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240307143849.1517218-1-mic@digikod.net
[mic: Improve header description as suggested by Günther]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit a17c60e533f5cd832e77e0d194e2e0bb663371b6)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Add TCP restrictions to the sandboxer demo. It's possible to allow a
sandboxer to bind/connect to a list of specified ports restricting
network actions to the rest of them. This is controlled with the new
LL_TCP_BIND and LL_TCP_CONNECT environment variables.
Rename ENV_PATH_TOKEN to ENV_DELIMITER.
Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20231026014751.414649-12-konstantin.meskhidze@huawei.com
[mic: Extend commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 5e990dcef12eebf683d209bac5e14591308dc216)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-77170
commit 1dbb4f0235a450f22e518124cbf9b922802ce38f
Author: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date: Wed Nov 16 18:29:56 2022 +0200
virt: acrn: Mark the uuid field as unused
After the commits for userspace (see Link tags below) the uuid field
is not being used in the ACRN code. Update kernel to reflect these
changes, i.e. do the following:
- adding a comment explaining that it's not used anymore
- replacing the specific type by a raw buffer
- updating the example code accordingly
The advertised field confused users and actually never been used.
So the wrong part here is that kernel puts something which userspace
never used and hence this may confuse a reader of this code.
Note, that there is only a single tool that had been prepared a year
ago for these forthcoming changes in the kernel.
Link: https://github.com/projectacrn/acrn-hypervisor/commit/da0d24326ed6
Link: https://github.com/projectacrn/acrn-hypervisor/commit/bb0327e70097
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael@kernel.org>
Link: https://lore.kernel.org/r/20221116162956.72658-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: David Arcari <darcari@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-63880
commit fdf1c728fac541891ef1aa773bfd42728626769c
Author: Jiangshan Yi <yijiangshan@kylinos.cn>
Date: Thu Aug 15 21:55:24 2024 +0800
samples/bpf: Fix compilation errors with cf-protection option
Currently, compiling the bpf programs will result the compilation errors
with the cf-protection option as follows in arm64 and loongarch64 machine
when using gcc 12.3.1 and clang 17.0.6. This commit fixes the compilation
errors by limited the cf-protection option only used in x86 platform.
[root@localhost linux]# make M=samples/bpf
......
CLANG-bpf samples/bpf/xdp2skb_meta_kern.o
error: option 'cf-protection=return' cannot be specified on this target
error: option 'cf-protection=branch' cannot be specified on this target
2 errors generated.
CLANG-bpf samples/bpf/syscall_tp_kern.o
error: option 'cf-protection=return' cannot be specified on this target
error: option 'cf-protection=branch' cannot be specified on this target
2 errors generated.
......
Fixes: 34f6e38f58db ("samples/bpf: fix warning with ignored-attributes")
Reported-by: Jiangshan Yi <yijiangshan@kylinos.cn>
Signed-off-by: Jiangshan Yi <yijiangshan@kylinos.cn>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Qiang Wang <wangqiang1@kylinos.cn>
Link: https://lore.kernel.org/bpf/20240815135524.140675-1-13667453960@163.com
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Add a comment to clarify how to handle best-effort backwards
compatibility for LANDLOCK_ACCESS_FS_REFER.
The "refer" access is special because these operations are always
forbidden in ABI 1, unlike most other operations, which are permitted
when using Landlock ABI levels where they are not supported yet.
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221107181651.4555-1-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit f6e53fb2d7bd70547ba53232415976cb70ad6d97)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Update the sandboxer sample to restrict truncate actions. This is
automatically enabled by default if the running kernel supports
LANDLOCK_ACCESS_FS_TRUNCATE, except for the paths listed in the
LL_FS_RW environment variable.
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221018182216.301684-11-gnoack3000@gmail.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit faeb9197669c23d983f6485d278b20f0194432f4)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Extend the help with the latest Landlock ABI version supported by the
sandboxer.
Inform users about the sandboxer or the kernel not being up-to-date.
Make the version check code easier to update and harder to misuse.
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20220923154207.3311629-2-mic@digikod.net
(cherry picked from commit 903cfe8a7aa8894ae60ef47a9c011e551d7bafef)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Add LANDLOCK_ACCESS_FS_REFER to the "roughly write" access rights and
leverage the Landlock ABI version to only try to enforce it if it is
supported by the running kernel.
Reviewed-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20220506161102.525323-10-mic@digikod.net
(cherry picked from commit 76b902f874ff4de9c1078489d4c7678a64105ea6)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Let's follow a consistent and documented coding style. Everything may
not be to our liking but it is better than tacit knowledge. Moreover,
this will help maintain style consistency between different developers.
This contains only whitespace changes.
Automatically formatted with:
clang-format-14 -i samples/landlock/*.[ch]
Link: https://lore.kernel.org/r/20220506160513.523257-8-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 81709f3dccacf4104a4bc2daa80bdd767a9c4c54)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
In preparation to a following commit, add clang-format on and
clang-format off stanzas around constant definitions. This enables to
keep aligned values, which is much more readable than packed
definitions.
Link: https://lore.kernel.org/r/20220506160513.523257-7-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
(cherry picked from commit 9805a722db071e1772b80e6e0ff33f35355639ac)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-8810
Clang static analysis reports this error
sandboxer.c:134:8: warning: Potential leak of memory
pointed to by 'path_list'
ret = 0;
^
path_list is allocated in parse_path() but never freed.
Signed-off-by: Tom Rix <trix@redhat.com>
Link: https://lore.kernel.org/r/20210428213852.2874324-1-trix@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
(cherry picked from commit 66b513b7c64a7290c1fbb88e657f7cece992e131)
Signed-off-by: Ryan Sullivan <rysulliv@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-53898
Upstream Status: since v6.11
Tested: with the hid-tools test suite and some hardware
commit a67a1deb11d9a692366100d9ba9fb3aeb0c7707b
Author: Benjamin Tissoires <bentiss@kernel.org>
Date: Fri Jul 5 14:06:22 2024 +0200
HID: samples: fix the 2 struct_ops definitions
Turns out that this is not compiling anymore because the hid_bpf_ops
struct_ops definition had a change during the revisions.
Fixes: e342d6f6f7d8 ("HID: samples: convert the 2 HID-BPF samples into struct_ops")
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-53898
Upstream Status: since v6.12
Tested: with the hid-tools test suite and some hardware
commit e342d6f6f7d82b48c4540b947d8032a3b7b3e6f8
Author: Benjamin Tissoires <bentiss@kernel.org>
Date: Sat Jun 8 11:01:17 2024 +0200
HID: samples: convert the 2 HID-BPF samples into struct_ops
This is mostly mechanical: attach_prog is dropped, and
the SEC are converted into struct_ops.
Link: https://lore.kernel.org/r/20240608-hid_bpf_struct_ops-v3-5-6ac6ade58329@kernel.org
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5887
Rebase the BPF subsystem to upstream version 6.11.
JIRA: https://issues.redhat.com/browse/RHEL-30774
Omitted-fix: f64c1a4593391 ("selftests/hid: disable struct_ops auto-attach")
Not applicable since RHEL 9 doesn't have d7696738d66b4 ("selftests/hid: convert the hid_bpf selftests with struct_ops")
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Approved-by: Jerome Marchand <jmarchan@redhat.com>
Approved-by: Toke Høiland-Jørgensen <toke@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Rado Vrbovsky <rvrbovsk@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-67885
Conflicts: fix unsupported drivers
drivers/media/common/saa7146/saa7146_fops.c
drivers/media/pci/bt8xx/bttv-driver.c
drivers/media/pci/cx18/cx18-streams.c
drivers/media/pci/mgb4/mgb4_vin.c
drivers/media/pci/mgb4/mgb4_vout.c
drivers/media/platform/amphion/vpu_v4l2.c
drivers/media/platform/aspeed-video.c
drivers/media/platform/microchip/microchip-isc-base.c
drivers/media/platform/nuvoton/npcm-video.c
drivers/media/platform/nxp/imx7-media-csi.c
drivers/media/platform/nxp/imx8-isi/imx8-isi-video.c
drivers/media/platform/renesas/rzg2l-cru/rzg2l-video.c
drivers/media/platform/st/stm32/stm32-dcmipp/dcmipp-bytecap.c
drivers/media/platform/stm32/stm32-dcmi.c
drivers/media/platform/sunxi/sun6i-csi/sun6i_csi_capture.c
drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c
drivers/media/test-drivers/vimc/vimc-capture.c
drivers/media/test-drivers/vivid/vivid-core.c
drivers/staging/media/meson/vdec/vdec.c
drivers/staging/media/starfive/camss/stf-video.c
drivers/staging/media/sunxi/sun6i-isp/sun6i_isp_capture.c
drivers/staging/media/sunxi/sun6i-isp/sun6i_isp_params.c
commit 80c2b40a51393add616a1fd186a1cc10bd676a3f
Author: Benjamin Gaignard <benjamin.gaignard@collabora.com>
Date: Mon, 11 Dec 2023 14:32:49 +0100
Rename min_buffers_needed into min_queued_buffers and update
the documentation about it.
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@collabora.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
[hverkuil: Drop the change where min_queued_buffers + 1 buffers would be]
[hverkuil: allocated. Now this patch only renames this field instead of making]
[hverkuil: a functional change as well.]
[hverkuil: Renamed 3 remaining min_buffers_needed occurrences.]
Signed-off-by: Kate Hsuan <hpa@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-67885
commit dfb99b050e4bc5bfb74973761752395d82644e48
Author: Thomas Gleixner <tglx@linutronix.de>
Date: Tue, 7 Jun 2022 16:11:25 +0200
Based on the normalized pattern:
this program is free software you may redistribute it and/or modify it
under the terms of the gnu general public license as published by the
free software foundation version 2 of the license the software is
provided as is without warranty of any kind express or implied
including but not limited to the warranties of merchantability fitness
for a particular purpose and noninfringement in no event shall the
authors or copyright holders be liable for any claim damages or other
liability whether in an action of contract tort or otherwise arising
from out of or in connection with the software or the use or other
dealings in the software
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kate Hsuan <hpa@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-30774
commit 1b0215a3633a4c54ed7ec3af93e7a782dda8d965
Author: Ying Zhang <yingzhang098@163.com>
Date: Tue May 21 16:17:02 2024 +0000
bpf: Remove unused variable "prev_state"
The variable "prev_state" is not used for any actual operations
v2: Fix commit message and description.
Signed-off-by: Ying Zhang <yingzhang098@163.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/bpf/20240521161702.4339-1-yingzhang098@163.com
Signed-off-by: Viktor Malik <vmalik@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-52657
Tested: by AMD
Conflicts: trace headers aren't split in different stages like upstream; trace-events-sample is behind on the tests so the number of arguments is lower
commit e52750fb1458ae9ea5860a08ed7a149185bc5b97
Author: Steven Rostedt <rostedt@goodmis.org>
Date: Tue Oct 22 19:36:28 2024 +0000
tracing: Add __print_dynamic_array() helper
When printing a dynamic array in a trace event, the method is rather ugly.
It has the format of:
__print_array(__get_dynamic_array(array),
__get_dynmaic_array_len(array) / el_size, el_size)
Since dynamic arrays are known to the tracing infrastructure, create a
helper macro that does the above for you.
__print_dynamic_array(array, el_size)
Which would expand to the same output.
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Avadhut Naik <avadhut.naik@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Link: https://lore.kernel.org/r/20241022194158.110073-3-avadhut.naik@amd.com
Signed-off-by: Aristeu Rozanski <arozansk@redhat.com>
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5693
Rebase BPF subsystem to upstream version 6.10
JIRA: https://issues.redhat.com/browse/RHEL-30773
JIRA: https://issues.redhat.com/browse/RHEL-64874
CVE: CVE-2024-38564
Omitted-fix: 2897b1e2a2f4 ("selftests/bpf: Fix arena_atomics failure due to llvm change")
Fix for a bug caused by a not yet released version of LLVM. Will be backported with 6.12 rebase where it belongs.
Omitted-fix: ff9fbcafbaf1 ("selftests/hid: fix bpf_wq new API")
The fixed test is not yet present in RHEL 9.
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Approved-by: Chris von Recklinghausen <crecklin@redhat.com>
Approved-by: Derek Barbosa <debarbos@redhat.com>
Approved-by: Jerome Marchand <jmarchan@redhat.com>
Approved-by: Toke Høiland-Jørgensen <toke@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Rado Vrbovsky <rvrbovsk@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-30773
commit 397658ddc88ce3c21d2aa3bed8e15fc69dfec946
Author: Tao Chen <chen.dylane@gmail.com>
Date: Mon Apr 29 00:10:32 2024 +0800
samples/bpf: Add valid info for VMLINUX_BTF
When I use the command 'make M=samples/bpf' to compile samples/bpf code
in ubuntu 22.04, the error info occured:
Cannot find a vmlinux for VMLINUX_BTF at any of " /home/ubuntu/code/linux/vmlinux",
build the kernel or set VMLINUX_BTF or VMLINUX_H variable
Others often encounter this kind of issue, new kernel has the vmlinux, so we can
set the path in error info which seems more intuitive, like:
Cannot find a vmlinux for VMLINUX_BTF at any of " /home/ubuntu/code/linux/vmlinux",
buiild the kernel or set VMLINUX_BTF like "VMLINUX_BTF=/sys/kernel/btf/vmlinux" or
VMLINUX_H variable
Signed-off-by: Tao Chen <chen.dylane@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20240428161032.239043-1-chen.dylane@gmail.com
Signed-off-by: Viktor Malik <vmalik@redhat.com>
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5586
JIRA: https://issues.redhat.com/browse/RHEL-64700
BPF kprobe session probes, which are coming in BPF 6.10 rebase for RHEL 9.6, use fprobe as the underlying tracing mechanism. This MR backports the fprobe patches which are required for session probes to work. Since there were several conflicts in the backport, I'm posting these separately (rather than taking them as a part of the BPF rebase) to get better review and testing.
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Approved-by: Chris von Recklinghausen <crecklin@redhat.com>
Approved-by: Rafael Aquini <raquini@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
Merged-by: Rado Vrbovsky <rvrbovsk@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-64700
Conflicts: small change due to upstream commit
2752741080f8 ("fprobe: add recursion detection in fprobe_exit_handler")
previously backported out-of-order, aligning with upstream
code to prevent future conflicts
commit cb16330d12741f6dae56aad5acf62f5be3a06c4e
Author: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Date: Tue Jun 6 21:39:55 2023 +0900
fprobe: Pass return address to the handlers
Pass return address as 'ret_ip' to the fprobe entry and return handlers
so that the fprobe user handler can get the reutrn address without
analyzing arch-dependent pt_regs.
Link: https://lore.kernel.org/all/168507467664.913472.11642316698862778600.stgit@mhiramat.roam.corp.google.com/
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Viktor Malik <vmalik@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-64700
Conflicts: several conflicts in kernel/trace/fprobe.c due to commits
2752741080f8 ("fprobe: add recursion detection in fprobe_exit_handler")
3cc4e2c5fbae ("fprobe: make fprobe_kprobe_handler recursion free")
previously backported out-of-order.
commit 76d0de5729c0569c4071e7f21fcab394e502f03a
Author: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Date: Thu Feb 2 00:56:01 2023 +0900
fprobe: Pass entry_data to handlers
Pass the private entry_data to the entry and exit handlers so that
they can share the context data, something like saved function
arguments etc.
User must specify the private entry_data size by @entry_data_size
field before registering the fprobe.
Link: https://lkml.kernel.org/r/167526696173.433354.17408372048319432574.stgit@mhiramat.roam.corp.google.com
Cc: Florent Revest <revest@chromium.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Viktor Malik <vmalik@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23649
commit 896880ff30866f386ebed14ab81ce1ad3710cfc4
Author: Kees Cook <keescook@chromium.org>
Date: Thu Feb 22 07:56:15 2024 -0800
bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
Replace deprecated 0-length array in struct bpf_lpm_trie_key with
flexible array. Found with GCC 13:
../kernel/bpf/lpm_trie.c:207:51: warning: array subscript i is outside array bounds of 'const __u8[0]' {aka 'const unsigned char[]'} [-Warray-bounds=]
207 | *(__be16 *)&key->data[i]);
| ^~~~~~~~~~~~~
../include/uapi/linux/swab.h:102:54: note: in definition of macro '__swab16'
102 | #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
| ^
../include/linux/byteorder/generic.h:97:21: note: in expansion of macro '__be16_to_cpu'
97 | #define be16_to_cpu __be16_to_cpu
| ^~~~~~~~~~~~~
../kernel/bpf/lpm_trie.c:206:28: note: in expansion of macro 'be16_to_cpu'
206 | u16 diff = be16_to_cpu(*(__be16 *)&node->data[i]
^
| ^~~~~~~~~~~
In file included from ../include/linux/bpf.h:7:
../include/uapi/linux/bpf.h:82:17: note: while referencing 'data'
82 | __u8 data[0]; /* Arbitrary size */
| ^~~~
And found at run-time under CONFIG_FORTIFY_SOURCE:
UBSAN: array-index-out-of-bounds in kernel/bpf/lpm_trie.c:218:49
index 0 is out of range for type '__u8 [*]'
Changing struct bpf_lpm_trie_key is difficult since has been used by
userspace. For example, in Cilium:
struct egress_gw_policy_key {
struct bpf_lpm_trie_key lpm_key;
__u32 saddr;
__u32 daddr;
};
While direct references to the "data" member haven't been found, there
are static initializers what include the final member. For example,
the "{}" here:
struct egress_gw_policy_key in_key = {
.lpm_key = { 32 + 24, {} },
.saddr = CLIENT_IP,
.daddr = EXTERNAL_SVC_IP & 0Xffffff,
};
To avoid the build time and run time warnings seen with a 0-sized
trailing array for struct bpf_lpm_trie_key, introduce a new struct
that correctly uses a flexible array for the trailing bytes,
struct bpf_lpm_trie_key_u8. As part of this, include the "header"
portion (which is just the "prefixlen" member), so it can be used
by anything building a bpf_lpr_trie_key that has trailing members that
aren't a u8 flexible array (like the self-test[1]), which is named
struct bpf_lpm_trie_key_hdr.
Unfortunately, C++ refuses to parse the __struct_group() helper, so
it is not possible to define struct bpf_lpm_trie_key_hdr directly in
struct bpf_lpm_trie_key_u8, so we must open-code the union directly.
Adjust the kernel code to use struct bpf_lpm_trie_key_u8 through-out,
and for the selftest to use struct bpf_lpm_trie_key_hdr. Add a comment
to the UAPI header directing folks to the two new options.
Reported-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Closes: https://paste.debian.net/hidden/ca500597/
Link: https://lore.kernel.org/all/202206281009.4332AA33@keescook/ [1]
Link: https://lore.kernel.org/bpf/20240222155612.it.533-kees@kernel.org
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-61687
commit 0756bec2e45b206ccb5fc3e8791c08d696dd06f7
Author: Jeff Johnson <quic_jjohnson@quicinc.com>
Date: Mon Jul 15 12:27:09 2024 -0700
vfio-mdev: add missing MODULE_DESCRIPTION() macros
Since commit 1fffe7a34c89 ("script: modpost: emit a warning when the
description is missing"), a module without a MODULE_DESCRIPTION() will
result in a warning with make W=1. The following warnings are being
observed in samples/vfio-mdev:
WARNING: modpost: missing MODULE_DESCRIPTION() in samples/vfio-mdev/mtty.o
WARNING: modpost: missing MODULE_DESCRIPTION() in samples/vfio-mdev/mdpy.o
WARNING: modpost: missing MODULE_DESCRIPTION() in samples/vfio-mdev/mdpy-fb.o
WARNING: modpost: missing MODULE_DESCRIPTION() in samples/vfio-mdev/mbochs.o
Add the missing invocations of the MODULE_DESCRIPTION() macro to these
modules. And in the case of mtty.c, remove the now redundant instance
of the MODULE_INFO() macro.
Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
Link: https://lore.kernel.org/r/20240715-md-vfio-mdev-v2-1-59a4c5e924bc@quicinc.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23644
commit 32f24938a1fce95fce314c1fa9a72af74588ea6c
Author: Colin Ian King <colin.i.king@gmail.com>
Date: Tue Dec 19 15:23:07 2023 +0000
samples/bpf: Use %lu format specifier for unsigned long values
Currently %ld format specifiers are being used for unsigned long
values. Fix this by using %lu instead. Cleans up cppcheck warnings:
warning: %ld in format string (no. 1) requires 'long' but the argument
type is 'unsigned long'. [invalidPrintfArgType_sint]
Signed-off-by: Colin Ian King <colin.i.king@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/bpf/20231219152307.368921-1-colin.i.king@gmail.com
Signed-off-by: Viktor Malik <vmalik@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-27741
commit 27d9a0fdb53f05c93ed9c674b870c8add451697e
Author: Hao Ge <gehao@kylinos.cn>
Date: Thu Mar 30 14:09:04 2023 +0800
kmemleak-test: fix kmemleak_test.c build logic
kmemleak-test.c was moved to the samples directory in 1abbef4f51
("mm,kmemleak-test.c: move kmemleak-test.c to samples dir").
If CONFIG_DEBUG_KMEMLEAK_TEST=m and CONFIG_SAMPLES is unset,
kmemleak-test.c will be unnecessarily compiled.
So move the entry for CONFIG_DEBUG_KMEMLEAK_TEST from mm/Kconfig and add a
new CONFIG_SAMPLE_KMEMLEAK in samples/ to control whether kmemleak-test.c
is built or not.
Link: https://lkml.kernel.org/r/20230330060904.292975-1-gehao@kylinos.cn
Fixes: 1abbef4f51 ("mm,kmemleak-test.c: move kmemleak-test.c to samples dir")
Signed-off-by: Hao Ge <gehao@kylinos.cn>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Alex Gaynor <alex.gaynor@gmail.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Finn Behrens <me@kloenk.dev>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Tony Krowiak <akrowiak@linux.ibm.com>
Cc: Ye Xingchen <ye.xingchen@zte.com.cn>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-27741
commit e4fc6580b0796bcba8ca12c2c4b0352d280c91e5
Author: Miguel Ojeda <ojeda@kernel.org>
Date: Sat Jul 3 17:21:12 2021 +0200
samples: add first Rust examples
The beginning of a set of Rust modules that showcase how Rust
modules look like and how to use the abstracted kernel features.
It also includes an example of a Rust host program with
several modules.
These samples also double as tests in the CI.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Co-developed-by: Alex Gaynor <alex.gaynor@gmail.com>
Signed-off-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-developed-by: Finn Behrens <me@kloenk.de>
Signed-off-by: Finn Behrens <me@kloenk.de>
Co-developed-by: Wedson Almeida Filho <wedsonaf@google.com>
Signed-off-by: Wedson Almeida Filho <wedsonaf@google.com>
Co-developed-by: Milan Landaverde <milan@mdaverde.com>
Signed-off-by: Milan Landaverde <milan@mdaverde.com>
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Signed-off-by: Chris von Recklinghausen <crecklin@redhat.com>
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/4027
JIRA: https://issues.redhat.com/browse/RHEL-31939
This started as a request to backport 3652117f85481 ("eventfd: simplify eventfd_signal()") for an mlx5 driver update.
After adding dependencies and related changes from the series, I got very close to having an update of fs/eventfd.c to v6.8. So I added a couple of fixes to make it complete.
With this series, "git diff v6.8 -- fs/eventfd.c include/{,uapi/}linux/eventfd.h" is empty.
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
Approved-by: David Airlie <airlied@redhat.com>
Approved-by: Ivan Vecera <ivecera@redhat.com>
Approved-by: Aristeu Rozanski <arozansk@redhat.com>
Approved-by: Rafael Aquini <aquini@redhat.com>
Merged-by: Lucas Zampieri <lzampier@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-31939
Conflicts:
- In vfio, due to already backported commits:
18c198c96a81 ("vfio/pci: Create persistent INTx handler")
675daf435e9f ("vfio/platform: Create persistent IRQ handlers")
- Dropped hunks for nonexistent files in RHEL.
commit 3652117f854819a148ff0fbe4492587d3520b5e5
Author: Christian Brauner <brauner@kernel.org>
Date: Wed Nov 22 13:48:23 2023 +0100
eventfd: simplify eventfd_signal()
Ever since the eventfd type was introduced back in 2007 in commit
e1ad7468c7 ("signal/timer/event: eventfd core") the eventfd_signal()
function only ever passed 1 as a value for @n. There's no point in
keeping that additional argument.
Link: https://lore.kernel.org/r/20231122-vfs-eventfd-signal-v2-2-bd549b14ce0c@kernel.org
Acked-by: Xu Yilun <yilun.xu@intel.com>
Acked-by: Andrew Donnellan <ajd@linux.ibm.com> # ocxl
Acked-by: Eric Farman <farman@linux.ibm.com> # s390
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23643
commit 37db10bc247d5d0b448babd7ff386f092246e732
Author: Viktor Malik <vmalik@redhat.com>
Date: Wed Oct 25 08:19:14 2023 +0200
samples/bpf: Allow building with custom bpftool
samples/bpf build its own bpftool boostrap to generate vmlinux.h as well
as some BPF objects. This is a redundant step if bpftool has been
already built, so update samples/bpf/Makefile such that it accepts a
path to bpftool passed via the BPFTOOL variable. The approach is
practically the same as tools/testing/selftests/bpf/Makefile uses.
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/bd746954ac271b02468d8d951ff9f11e655d485b.1698213811.git.vmalik@redhat.com
Signed-off-by: Artem Savkov <asavkov@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23643
commit 870f09f1ba3014e2c157b14299c172b4bb716638
Author: Viktor Malik <vmalik@redhat.com>
Date: Wed Oct 25 08:19:12 2023 +0200
samples/bpf: Allow building with custom CFLAGS/LDFLAGS
Currently, it is not possible to specify custom flags when building
samples/bpf. The flags are defined in TPROGS_CFLAGS/TPROGS_LDFLAGS
variables, however, when trying to override those from the make command,
compilation fails.
For example, when trying to build with PIE:
$ make -C samples/bpf TPROGS_CFLAGS="-fpie" TPROGS_LDFLAGS="-pie"
This is because samples/bpf/Makefile updates these variables, especially
appends include paths to TPROGS_CFLAGS and these updates are overridden
by setting the variables from the make command.
This patch introduces variables TPROGS_USER_CFLAGS/TPROGS_USER_LDFLAGS
for this purpose, which can be set from the make command and their
values are propagated to TPROGS_CFLAGS/TPROGS_LDFLAGS.
Signed-off-by: Viktor Malik <vmalik@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/2d81100b830a71f0e72329cc7781edaefab75f62.1698213811.git.vmalik@redhat.com
Signed-off-by: Artem Savkov <asavkov@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23643
commit 69a19170303ff2f802049be94cfcf62f714002a3
Author: Denys Zagorui <dzagorui@cisco.com>
Date: Thu Oct 19 04:35:21 2023 -0700
samples: bpf: Fix syscall_tp openat argument
This modification doesn't change behaviour of the syscall_tp
But such code is often used as a reference so it should be
correct anyway
Signed-off-by: Denys Zagorui <dzagorui@cisco.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20231019113521.4103825-1-dzagorui@cisco.com
Signed-off-by: Artem Savkov <asavkov@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23643
commit 9e09b75079e229b08f12a732712100fdb9af8cab
Author: Ruowen Qin <ruowenq2@illinois.edu>
Date: Tue Sep 26 23:50:30 2023 -0500
samples/bpf: Add -fsanitize=bounds to userspace programs
The sanitizer flag, which is supported by both clang and gcc, would make
it easier to debug array index out-of-bounds problems in these programs.
Make the Makfile smarter to detect ubsan support from the compiler and
add the '-fsanitize=bounds' accordingly.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Tested-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/20230927045030.224548-2-ruowenq2@illinois.edu
Signed-off-by: Artem Savkov <asavkov@redhat.com>
JIRA: https://issues.redhat.com/browse/RHEL-23643
commit 9220c3ef6fefbf18f24aeedb1142a642b3de0596
Author: Jinghao Jia <jinghao@linux.ibm.com>
Date: Sun Sep 17 16:42:20 2023 -0500
samples/bpf: syscall_tp_user: Fix array out-of-bound access
Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint
to syscall_tp sample") added two more eBPF programs to support the
openat2() syscall. However, it did not increase the size of the array
that holds the corresponding bpf_links. This leads to an out-of-bound
access on that array in the bpf_object__for_each_program loop and could
corrupt other variables on the stack. On our testing QEMU, it corrupts
the map1_fds array and causes the sample to fail:
# ./syscall_tp
prog #0: map ids 4 5
verify map:4 val: 5
map_lookup failed: Bad file descriptor
Dynamically allocate the array based on the number of programs reported
by libbpf to prevent similar inconsistencies in the future
Fixes: 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sample")
Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
Link: https://lore.kernel.org/r/20230917214220.637721-4-jinghao7@illinois.edu
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Artem Savkov <asavkov@redhat.com>
Herton R. Krzesinski
Ryan Sullivan
Denis Aleksandrov
Augusto Caringi
Patrick Talbert
David Arcari
Jerome Marchand
Benjamin Tissoires
Rado Vrbovsky
Kate Hsuan
Viktor Malik
Aristeu Rozanski
Alex Williamson
Chris von Recklinghausen
Lucas Zampieri
Michal Schmidt
Artem Savkov