From 9348ded117d05ba1d54a748173db009d473c707c Mon Sep 17 00:00:00 2001

From: Andrea Claudi <aclaudi@redhat.com>

Date: Thu, 13 Jun 2019 14:37:57 +0200

Subject: [PATCH] bpf: initialise map symbol before retrieving and comparing

 its type

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1716361

Upstream Status: iproute2.git commit 1a7d3ad8a5862

commit 1a7d3ad8a5862ca9ce9dd19326faeea77e5e6142

Author: Quentin Monnet <quentin.monnet@netronome.com>

Date:   Tue Nov 20 01:26:27 2018 +0000

    bpf: initialise map symbol before retrieving and comparing its type

    In order to compare BPF map symbol type correctly in regard to the

    latest LLVM, commit 7a04dd84a7f9 ("bpf: check map symbol type properly

    with newer llvm compiler") compares map symbol type to both NOTYPE and

    OBJECT. To do so, it first retrieves the type from "sym.st_info" and

    stores it into a temporary variable.

    However, the type is collected from the symbol "sym" before this latter

    symbol is actually updated. gelf_getsym() is called after that and

    updates "sym", and when comparison with OBJECT or NOTYPE happens it is

    done on the type of the symbol collected in the previous passage of the

    loop (or on an uninitialised symbol on the first passage). This may

    eventually break map collection from the ELF file.

    Fix this by assigning the type to the temporary variable only after the

    call to gelf_getsym().

    Fixes: 7a04dd84a7f9 ("bpf: check map symbol type properly with newer llvm compiler")

    Reported-by: Ron Philip <ron.philip@netronome.com>

    Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>

    Reviewed-by: Jiong Wang <jiong.wang@netronome.com>

    Acked-by: Yonghong Song <yhs@fb.com>

    Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

---

 lib/bpf.c | 10 +++++++---

 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/bpf.c b/lib/bpf.c

index 45f279fa4a416..6aff8f7bad7fb 100644

--- a/lib/bpf.c

+++ b/lib/bpf.c

@@ -1758,11 +1758,12 @@ static const char *bpf_map_fetch_name(struct bpf_elf_ctx *ctx, int which)

 	int i;

 	for (i = 0; i < ctx->sym_num; i++) {

-		int type = GELF_ST_TYPE(sym.st_info);

+		int type;

 		if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)

 			continue;

+		type = GELF_ST_TYPE(sym.st_info);

 		if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||

 		    (type != STT_NOTYPE && type != STT_OBJECT) ||

 		    sym.st_shndx != ctx->sec_maps ||

@@ -1851,11 +1852,12 @@ static int bpf_map_num_sym(struct bpf_elf_ctx *ctx)

 	GElf_Sym sym;

 	for (i = 0; i < ctx->sym_num; i++) {

-		int type = GELF_ST_TYPE(sym.st_info);

+		int type;

 		if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)

 			continue;

+		type = GELF_ST_TYPE(sym.st_info);

 		if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||

 		    (type != STT_NOTYPE && type != STT_OBJECT) ||

 		    sym.st_shndx != ctx->sec_maps)

@@ -1931,10 +1933,12 @@ static int bpf_map_verify_all_offs(struct bpf_elf_ctx *ctx, int end)

 		 * the table again.

 		 */

 		for (i = 0; i < ctx->sym_num; i++) {

-			int type = GELF_ST_TYPE(sym.st_info);

+			int type;

 			if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)

 				continue;

+

+			type = GELF_ST_TYPE(sym.st_info);

 			if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||

 			    (type != STT_NOTYPE && type != STT_OBJECT) ||

 			    sym.st_shndx != ctx->sec_maps)

-- 

2.20.1