[GIT PULL] bpf for v6.12-rc6

From: Daniel Borkmann
Date: Thu Oct 31 2024 - 19:19:36 EST


Hi Linus,

The following changes since commit ae90f6a6170d7a7a1aa4fddf664fbd093e3023bc:

Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf (2024-10-24 16:53:20 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git tags/bpf-fixes

for you to fetch changes up to c40dd8c4732551605712985bc5b7045094c6458d:

bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled (2024-10-31 16:15:21 +0100)

----------------------------------------------------------------
BPF fixes:

- Fix BPF verifier to force a checkpoint when the program's jump
history becomes too long (Eduard Zingerman)

- Add several fixes to the BPF bits iterator addressing issues
like memory leaks and overflow problems (Hou Tao)

- Fix an out-of-bounds write in trie_get_next_key (Byeonguk Jeong)

- Fix BPF test infra's LIVE_FRAME frame update after a page has
been recycled (Toke Høiland-Jørgensen)

- Fix BPF verifier and undo the 40-bytes extra stack space for
bpf_fastcall patterns due to various bugs (Eduard Zingerman)

- Fix a BPF sockmap race condition which could trigger a NULL
pointer dereference in sock_map_link_update_prog (Cong Wang)

- Fix tcp_bpf_recvmsg_parser to retrieve seq_copied from tcp_sk
under the socket lock (Jiayuan Chen)

Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>

----------------------------------------------------------------
Alexei Starovoitov (1):
Merge branch 'fixes-for-bits-iterator'

Byeonguk Jeong (2):
bpf: Fix out-of-bounds write in trie_get_next_key()
selftests/bpf: Add test for trie_get_next_key()

Cong Wang (1):
sock_map: fix a NULL pointer dereference in sock_map_link_update_prog()

Eduard Zingerman (3):
bpf: Force checkpoint when jmp history is too long
selftests/bpf: Test with a very short loop
bpf: disallow 40-bytes extra stack for bpf_fastcall patterns

Hou Tao (5):
bpf: Free dynamically allocated bits in bpf_iter_bits_destroy()
bpf: Add bpf_mem_alloc_check_size() helper
bpf: Check the validity of nr_words in bpf_iter_bits_new()
bpf: Use __u64 to save the bits in bits iterator
selftests/bpf: Add three test cases for bits_iter

Jiayuan Chen (1):
bpf: fix filed access without lock

Toke Høiland-Jørgensen (1):
bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled

include/linux/bpf_mem_alloc.h | 3 +
kernel/bpf/helpers.c | 54 ++++++++--
kernel/bpf/lpm_trie.c | 2 +-
kernel/bpf/memalloc.c | 14 ++-
kernel/bpf/verifier.c | 23 ++---
net/bpf/test_run.c | 1 +
net/core/sock_map.c | 4 +
net/ipv4/tcp_bpf.c | 7 +-
.../bpf/map_tests/lpm_trie_map_get_next_key.c | 109 +++++++++++++++++++++
.../selftests/bpf/progs/verifier_bits_iter.c | 61 +++++++++++-
.../selftests/bpf/progs/verifier_bpf_fastcall.c | 55 -----------
.../selftests/bpf/progs/verifier_search_pruning.c | 23 +++++
tools/testing/selftests/bpf/veristat.cfg | 1 +
13 files changed, 269 insertions(+), 88 deletions(-)
create mode 100644 tools/testing/selftests/bpf/map_tests/lpm_trie_map_get_next_key.c