Merge 4.14-rc4 into staging-next

We want the staging/iio fixes in here as well to handle merge issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-10-09 09:02:35 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-10-09 09:02:35 +0200
commit: 1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee (patch)
tree: 47da3feee8e263e8c9352c85cf518e624be3c211 /kernel/bpf/verifier.c
parent: 750b1a6894ecc9b178c6e3d0a1170122971b2036 (diff)
parent: 8a5776a5f49812d29fe4b2d0a2d71675c3facf3f (diff)
download: linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.tar.gz
linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.tar.bz2
linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 799b2451ef2d..b914fbe1383e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4205,7 +4205,12 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
 		}
 
 		if (insn->imm == BPF_FUNC_redirect_map) {
-			u64 addr = (unsigned long)prog;
+			/* Note, we cannot use prog directly as imm as subsequent
+			 * rewrites would still change the prog pointer. The only
+			 * stable address we can use is aux, which also works with
+			 * prog clones during blinding.
+			 */
+			u64 addr = (unsigned long)prog->aux;
 			struct bpf_insn r4_ld[] = {
 				BPF_LD_IMM64(BPF_REG_4, addr),
 				*insn,
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-10-09 09:02:35 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-10-09 09:02:35 +0200
commit	1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee (patch)
tree	47da3feee8e263e8c9352c85cf518e624be3c211 /kernel/bpf/verifier.c
parent	750b1a6894ecc9b178c6e3d0a1170122971b2036 (diff)
parent	8a5776a5f49812d29fe4b2d0a2d71675c3facf3f (diff)
download	linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.tar.gz linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.tar.bz2 linux-1236d6bb6e19fc72ffc6bbcdeb1bfefe450e54ee.zip