Trampoline-based tracing programs that call bpf_get_func_ip() rely on
func_ip stored on stack. Mixing them with tracing programs that do not
share this requirement creates asymmetric expectations in tail calls.
Reject the combination of !call_get_func_ip progs with call_get_func_ip
progs in __bpf_prog_map_compatible() to address the issue.
Fixes: 1e37392cccde ("bpf: Enable BPF_TRAMP_F_IP_ARG for trampolines with
call_get_func_ip")
Signed-off-by: Leon Hwang <[email protected]>
---
include/linux/bpf.h | 3 ++-
kernel/bpf/core.c | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2a2f6448a5fb..65793fd146c5 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -288,7 +288,8 @@ struct bpf_map_owner {
u32 jited:1,
xdp_has_frags:1,
sleepable:1,
- kprobe_write_ctx:1;
+ kprobe_write_ctx:1,
+ call_get_func_ip:1;
u64 storage_cookie[MAX_BPF_CGROUP_STORAGE_TYPE];
const struct btf_type *attach_func_proto;
enum bpf_attach_type expected_attach_type;
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index f99a901b5e48..01fce3fba0be 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2403,6 +2403,7 @@ static bool __bpf_prog_map_compatible(struct bpf_map *map,
map->owner->xdp_has_frags = aux->xdp_has_frags;
map->owner->sleepable = fp->sleepable;
map->owner->kprobe_write_ctx = aux->kprobe_write_ctx;
+ map->owner->call_get_func_ip = fp->call_get_func_ip;
map->owner->expected_attach_type = fp->expected_attach_type;
map->owner->attach_func_proto = aux->attach_func_proto;
for_each_cgroup_storage_type(i) {
@@ -2418,6 +2419,9 @@ static bool __bpf_prog_map_compatible(struct bpf_map *map,
map->owner->sleepable == fp->sleepable;
if (ret && (!map->owner->kprobe_write_ctx &&
aux->kprobe_write_ctx))
ret = false;
+ if (ret && (!map->owner->call_get_func_ip &&
fp->call_get_func_ip &&
+ prog_type == BPF_PROG_TYPE_TRACING))
+ ret = false;
if (ret &&
map->map_type == BPF_MAP_TYPE_PROG_ARRAY &&
map->owner->expected_attach_type !=
fp->expected_attach_type)
--
2.52.0
