Skip to content

Commit 75d4276

Browse files
torvaldstorvalds
committed
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro: - untangle sys_close() abuses in xt_bpf - deal with register_shrinker() failures in sget() * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'" sget(): handle failures of register_shrinker() mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
2 parents 5b6c02f + 040ee69 commit 75d4276

File tree

6 files changed

+60
-15
lines changed

6 files changed

+60
-15
lines changed

fs/super.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -517,7 +517,11 @@ struct super_block *sget_userns(struct file_system_type *type,
517517
hlist_add_head(&s->s_instances, &type->fs_supers);
518518
spin_unlock(&sb_lock);
519519
get_filesystem(type);
520-
register_shrinker(&s->s_shrink);
520+
err = register_shrinker(&s->s_shrink);
521+
if (err) {
522+
deactivate_locked_super(s);
523+
s = ERR_PTR(err);
524+
}
521525
return s;
522526
}
523527

include/linux/bpf.h

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -419,6 +419,8 @@ static inline int bpf_map_attr_numa_node(const union bpf_attr *attr)
419419
attr->numa_node : NUMA_NO_NODE;
420420
}
421421

422+
struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type);
423+
422424
#else /* !CONFIG_BPF_SYSCALL */
423425
static inline struct bpf_prog *bpf_prog_get(u32 ufd)
424426
{
@@ -506,6 +508,12 @@ static inline int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu,
506508
{
507509
return 0;
508510
}
511+
512+
static inline struct bpf_prog *bpf_prog_get_type_path(const char *name,
513+
enum bpf_prog_type type)
514+
{
515+
return ERR_PTR(-EOPNOTSUPP);
516+
}
509517
#endif /* CONFIG_BPF_SYSCALL */
510518

511519
static inline struct bpf_prog *bpf_prog_get_type(u32 ufd,
@@ -514,6 +522,8 @@ static inline struct bpf_prog *bpf_prog_get_type(u32 ufd,
514522
return bpf_prog_get_type_dev(ufd, type, false);
515523
}
516524

525+
bool bpf_prog_get_ok(struct bpf_prog *, enum bpf_prog_type *, bool);
526+
517527
int bpf_prog_offload_compile(struct bpf_prog *prog);
518528
void bpf_prog_offload_destroy(struct bpf_prog *prog);
519529

kernel/bpf/inode.c

Lines changed: 39 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -368,7 +368,45 @@ int bpf_obj_get_user(const char __user *pathname, int flags)
368368
putname(pname);
369369
return ret;
370370
}
371-
EXPORT_SYMBOL_GPL(bpf_obj_get_user);
371+
372+
static struct bpf_prog *__get_prog_inode(struct inode *inode, enum bpf_prog_type type)
373+
{
374+
struct bpf_prog *prog;
375+
int ret = inode_permission(inode, MAY_READ | MAY_WRITE);
376+
if (ret)
377+
return ERR_PTR(ret);
378+
379+
if (inode->i_op == &bpf_map_iops)
380+
return ERR_PTR(-EINVAL);
381+
if (inode->i_op != &bpf_prog_iops)
382+
return ERR_PTR(-EACCES);
383+
384+
prog = inode->i_private;
385+
386+
ret = security_bpf_prog(prog);
387+
if (ret < 0)
388+
return ERR_PTR(ret);
389+
390+
if (!bpf_prog_get_ok(prog, &type, false))
391+
return ERR_PTR(-EINVAL);
392+
393+
return bpf_prog_inc(prog);
394+
}
395+
396+
struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type)
397+
{
398+
struct bpf_prog *prog;
399+
struct path path;
400+
int ret = kern_path(name, LOOKUP_FOLLOW, &path);
401+
if (ret)
402+
return ERR_PTR(ret);
403+
prog = __get_prog_inode(d_backing_inode(path.dentry), type);
404+
if (!IS_ERR(prog))
405+
touch_atime(&path);
406+
path_put(&path);
407+
return prog;
408+
}
409+
EXPORT_SYMBOL(bpf_prog_get_type_path);
372410

373411
static void bpf_evict_inode(struct inode *inode)
374412
{

kernel/bpf/syscall.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1057,7 +1057,7 @@ struct bpf_prog *bpf_prog_inc_not_zero(struct bpf_prog *prog)
10571057
}
10581058
EXPORT_SYMBOL_GPL(bpf_prog_inc_not_zero);
10591059

1060-
static bool bpf_prog_get_ok(struct bpf_prog *prog,
1060+
bool bpf_prog_get_ok(struct bpf_prog *prog,
10611061
enum bpf_prog_type *attach_type, bool attach_drv)
10621062
{
10631063
/* not an attachment, just a refcount inc, always allow */

mm/vmscan.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -297,10 +297,13 @@ EXPORT_SYMBOL(register_shrinker);
297297
*/
298298
void unregister_shrinker(struct shrinker *shrinker)
299299
{
300+
if (!shrinker->nr_deferred)
301+
return;
300302
down_write(&shrinker_rwsem);
301303
list_del(&shrinker->list);
302304
up_write(&shrinker_rwsem);
303305
kfree(shrinker->nr_deferred);
306+
shrinker->nr_deferred = NULL;
304307
}
305308
EXPORT_SYMBOL(unregister_shrinker);
306309

net/netfilter/xt_bpf.c

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -55,21 +55,11 @@ static int __bpf_mt_check_fd(int fd, struct bpf_prog **ret)
5555

5656
static int __bpf_mt_check_path(const char *path, struct bpf_prog **ret)
5757
{
58-
mm_segment_t oldfs = get_fs();
59-
int retval, fd;
60-
6158
if (strnlen(path, XT_BPF_PATH_MAX) == XT_BPF_PATH_MAX)
6259
return -EINVAL;
6360

64-
set_fs(KERNEL_DS);
65-
fd = bpf_obj_get_user(path, 0);
66-
set_fs(oldfs);
67-
if (fd < 0)
68-
return fd;
69-
70-
retval = __bpf_mt_check_fd(fd, ret);
71-
sys_close(fd);
72-
return retval;
61+
*ret = bpf_prog_get_type_path(path, BPF_PROG_TYPE_SOCKET_FILTER);
62+
return PTR_ERR_OR_ZERO(*ret);
7363
}
7464

7565
static int bpf_mt_check(const struct xt_mtchk_param *par)

0 commit comments

Comments
 (0)