From: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Date: Mon, 09 Oct 2023 14:58:00 +0800
Subject: [PATCH] kABI: fix bpf Invalidate slices on destruction of dynptrs on stack
Patch-mainline: Never, kABI fix
References: bsc#1215863 CVE-2023-39191

Upstream commit f8064ab90d664 ("bpf: Invalidate slices on destruction of
dynptrs on stack") adds the `dynptr_id` field to both `struct
bpf_call_arg_meta` and `struct bpf_reg_state`, thus breaking kABI. Luckily
both are quite easy to fix.

`struct bpf_call_arg_meta` still has a 4 byte hole that fits `int dynptr_id`,
and in `struct bpf_reg_state`, the `u32 dynptr_id` is inside a union that's
large enough to accommodate this new addition, so for both cases it's a matter
of wrapping the new field within `#ifndef __GENKSYMS__`.

Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>

---
 include/linux/bpf_verifier.h |    4 ++++
 kernel/bpf/verifier.c        |    4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -70,10 +70,14 @@ struct bpf_reg_state {
 			u32 btf_id;
 		};
 
+#ifndef __GENKSYMS__
 		struct { /* for PTR_TO_MEM | PTR_TO_MEM_OR_NULL */
 			u32 mem_size;
 			u32 dynptr_id; /* for dynptr slices */
 		};
+#else
+		u32 mem_size;
+#endif
 
 		/* For dynptr stack slots */
 		struct {
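Review bot: the `#else` branch hands genksyms a bare `u32 mem_size;` with no comment, so the kABI-facing declaration loses the `/* for PTR_TO_MEM | PTR_TO_MEM_OR_NULL */` annotation and nothing states why the two branches differ. Suggest keeping the comment on the `#else` side and noting that this branch reproduces the pre-f8064ab90d664 layout on purpose, e.g. `u32 mem_size; /* kABI: for PTR_TO_MEM | PTR_TO_MEM_OR_NULL, dynptr_id hidden */`. Also worth recording in that comment that the real build relies on the enclosing union (the "For dynptr stack slots" struct below it) already being wider than 8 bytes, since genksyms will no longer catch a later change that grows this anonymous struct past the union's size.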
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -254,9 +254,11 @@ struct bpf_call_arg_meta {
 	int mem_size;
 	u64 msize_max_value;
 	int ref_obj_id;
-	int dynptr_id;
 	int map_uid;
 	int func_id;
+#ifndef __GENKSYMS__
+	int dynptr_id;
+#endif
 	struct btf *btf;
 	u32 btf_id;
 	struct btf *ret_btf;
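Review bot: the relocated `int dynptr_id` carries no comment explaining why it sits after `int func_id` rather than in its upstream position after `ref_obj_id`, so a future backport touching this struct could move it back and silently break the padding trick. Suggest annotating it, e.g. `int dynptr_id; /* kABI: fills the 4 byte hole before btf */`, since the three `int` members following the `u64 msize_max_value` leave exactly 4 bytes of padding before the pointer `btf` and that is the hole the commit message refers to.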