Closed disaster123 closed 4 years ago
While using kpatch-build 0.9.1 and building the following patch:
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 1d63ab3a8..f9e5fa9ba 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -1999,6 +1999,54 @@ out_free:
 return err;
 }
+
+#define BPF_PROG_RUN2(prog, ctx) ({ \
+ u32 ret; \
+ cant_sleep(); \
+ if (static_key_enabled(&bpf_stats_enabled_key)) { \
+ struct bpf_prog_stats *stats; \
+ u64 start = sched_clock(); \
+ ret = (*(prog)->bpf_func)(ctx, (prog)->insnsi); \
+ stats = this_cpu_ptr(prog->aux->stats); \
+ u64_stats_update_begin(&stats->syncp); \
+ stats->cnt++; \
+ stats->nsecs += sched_clock() - start; \
+ u64_stats_update_end(&stats->syncp); \
+ } else { \
+ ret = (*(prog)->bpf_func)(ctx, (prog)->insnsi); \
+ } \
+ ret; })
+
+static inline u32 bpf_prog_run_clear_cb2(const struct bpf_prog *prog,
+ struct sk_buff *skb)
+{
+ u8 *cb_data = bpf_skb_cb(skb);
+ u32 res;
+
+ if (unlikely(prog->cb_access))
+ memset(cb_data, 0, BPF_SKB_CB_LEN);
+
+ preempt_disable();
+ res = BPF_PROG_RUN2(prog, skb);
+ preempt_enable();
+ return res;
+}
+
+static unsigned int run_filter2(struct sk_buff *skb,
+ const struct sock *sk,
+ unsigned int res)
+{
+ struct sk_filter *filter;
+
+ rcu_read_lock();
+ filter = rcu_dereference(sk->sk_filter);
+ if (filter != NULL)
+ res = bpf_prog_run_clear_cb2(filter->prog, skb);
+ rcu_read_unlock();
+
+ return res;
+}
+
 static unsigned int run_filter(struct sk_buff *skb,
 const struct sock *sk,
 unsigned int res)
@@ -2167,7 +2215,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
 int skb_len = skb->len;
 unsigned int snaplen, res;
 unsigned long status = TP_STATUS_USER;
- unsigned short macoff, netoff, hdrlen;
+ unsigned short macoff, hdrlen;
+ unsigned int netoff;
 struct sk_buff *copy_skb = NULL;
 struct timespec ts;
 __u32 ts_status;
@@ -2202,7 +2251,7 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
 snaplen = skb->len;
- res = run_filter(skb, sk, snaplen);
+ res = run_filter2(skb, sk, snaplen);
 if (!res)
 goto drop_n_restore;
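Review bot: The three helpers added ahead of run_filter (BPF_PROG_RUN2, bpf_prog_run_clear_cb2, run_filter2) duplicate the socket-filter run path with no comment saying why, so a later fix to the originals will not reach the copy that tpacket_rcv now calls. A header comment such as `/* patch-local copy that tests static_key_enabled(); keep in sync with the original BPF_PROG_RUN */` would record the intent; the reason for the copy is inferred here, since the page does not state it. Inside the macro, `prog->aux->stats` uses the argument unparenthesised while every other use is `(prog)`; `stats = this_cpu_ptr((prog)->aux->stats);` keeps the expansion safe for non-trivial arguments.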
@@ -2236,6 +2285,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
 }
 macoff = netoff - maclen;
 }
+ if (netoff > USHRT_MAX) {
+ atomic_inc(&po->tp_drops);
+ goto drop_n_restore;
+ }
 if (po->tp_version <= TPACKET_V2) {
 if (macoff + snaplen > po->rx_ring.frame_size) {
 if (po->copy_thresh &&
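Review bot: The new `netoff > USHRT_MAX` guard has no comment tying it to the widening of netoff to `unsigned int` in the declarations hunk, so a later cleanup could narrow the type again and leave the test always false. A line such as `/* netoff must fit the 16-bit offset fields of the ring frame header; drop anything larger */` above the `if` would record the reason. That the destination fields are 16 bits wide is not visible in this hunk and should be confirmed against the tpacket header definitions. In the visible context `macoff = netoff - maclen` is stored into an `unsigned short` before the guard runs, which is harmless only because the oversized case jumps to drop_n_restore before macoff is used. tpacket_rcv starts and ends outside the hunk.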
against 5.4.48 - kpatch-build fails with:
Extracting new and modified ELF sections af_packet.o: changed function: tpacket_rcv /usr/lib/kpatch/create-diff-object: ERROR: af_packet.o: find_local_syms: 175: find_local_syms for af_packet.c: couldn't find in vmlinux symbol table
OK this is solved by upcoming 0.9.2
This still doesn't work with 0.9.2 or 0.9.3 on Ubuntu 18: same error, almost the same patch. Any idea why?
While using kpatch-build 0.9.1 and building the following patch:
against 5.4.48 - kpatch-build fails with: