soundwire: stream: fix NULL pointer dereference for multi_link
[platform/kernel/linux-starfive.git] / kernel / bpf / core.c
index 0f8f036..5d1efe5 100644 (file)
@@ -371,14 +371,18 @@ static int bpf_adj_delta_to_imm(struct bpf_insn *insn, u32 pos, s32 end_old,
 static int bpf_adj_delta_to_off(struct bpf_insn *insn, u32 pos, s32 end_old,
                                s32 end_new, s32 curr, const bool probe_pass)
 {
-       const s32 off_min = S16_MIN, off_max = S16_MAX;
+       s64 off_min, off_max, off;
        s32 delta = end_new - end_old;
-       s32 off;
 
-       if (insn->code == (BPF_JMP32 | BPF_JA))
+       if (insn->code == (BPF_JMP32 | BPF_JA)) {
                off = insn->imm;
-       else
+               off_min = S32_MIN;
+               off_max = S32_MAX;
+       } else {
                off = insn->off;
+               off_min = S16_MIN;
+               off_max = S16_MAX;
+       }
 
        if (curr < pos && curr + off + 1 >= end_old)
                off += delta;
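Review bot: The widening of `off`, `off_min` and `off_max` to s64 carries the whole fix but has no comment, so a later cleanup could quietly narrow them back to s32. In the `BPF_JMP32 | BPF_JA` branch the offset comes from the 32-bit `imm`. With s32 arithmetic, `off += delta` could wrap before any bounds comparison, and a check against S32_MIN/S32_MAX could never fail. I would add above the declaration `/* s64: imm/off plus delta must not wrap before the range check against off_min/off_max */`. The range check and the write-back of the adjusted offset lie outside this hunk, so this assumes they compare `off` against these bounds before it is truncated into the instruction.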
@@ -623,7 +627,11 @@ static __always_inline int bpf_tree_comp(void *key, struct latch_tree_node *n)
 
        if (val < ksym->start)
                return -1;
-       if (val >= ksym->end)
+       /* Ensure that we detect return addresses as part of the program, when
+        * the final instruction is a call for a program part of the stack
+        * trace. Therefore, do val > ksym->end instead of val >= ksym->end.
+        */
+       if (val > ksym->end)
                return  1;
 
        return 0;
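Review bot: Treating `ksym->end` as inclusive at `if (val > ksym->end)` relies on no other registered ksym starting exactly at this program's end address, and the new comment does not state that assumption. If two programs were ever laid out back to back, an address equal to one's `end` and the next one's `start` would compare as a match for both nodes, and the lookup could be attributed to the wrong program. I would extend the comment with a line such as `* This assumes no other ksym starts at ksym->end, i.e. programs are never packed back to back.` Whether the allocator guarantees a gap between programs is not visible here and is worth confirming. bpf_tree_comp begins above this hunk.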
@@ -870,7 +878,7 @@ static struct bpf_prog_pack *alloc_new_pack(bpf_jit_fill_hole_t bpf_fill_ill_ins
                       GFP_KERNEL);
        if (!pack)
                return NULL;
-       pack->ptr = module_alloc(BPF_PROG_PACK_SIZE);
+       pack->ptr = bpf_jit_alloc_exec(BPF_PROG_PACK_SIZE);
        if (!pack->ptr) {
                kfree(pack);
                return NULL;
@@ -894,7 +902,7 @@ void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns)
        mutex_lock(&pack_mutex);
        if (size > BPF_PROG_PACK_SIZE) {
                size = round_up(size, PAGE_SIZE);
-               ptr = module_alloc(size);
+               ptr = bpf_jit_alloc_exec(size);
                if (ptr) {
                        bpf_fill_ill_insns(ptr, size);
                        set_vm_flush_reset_perms(ptr);
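Review bot: The large-allocation path assumes, without saying so, that `bpf_jit_alloc_exec()` returns vmalloc-backed memory, because `set_vm_flush_reset_perms(ptr)` is applied to its result. The same allocator swap is made in alloc_new_pack and in both free paths of bpf_prog_pack_free, and the alloc/free pairing there looks consistent. If an architecture supplies its own `bpf_jit_alloc_exec()` (not visible on this page) that returns another kind of mapping, the permission reset on free would presumably not take effect for this region. A comment at the call would record the requirement: `/* bpf_jit_alloc_exec() must return a vmalloc area so the flush/reset-perms flag takes effect on free */`. bpf_prog_pack_alloc continues outside the hunk.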
@@ -932,7 +940,7 @@ void bpf_prog_pack_free(struct bpf_binary_header *hdr)
 
        mutex_lock(&pack_mutex);
        if (hdr->size > BPF_PROG_PACK_SIZE) {
-               module_memfree(hdr);
+               bpf_jit_free_exec(hdr);
                goto out;
        }
 
@@ -956,7 +964,7 @@ void bpf_prog_pack_free(struct bpf_binary_header *hdr)
        if (bitmap_find_next_zero_area(pack->bitmap, BPF_PROG_CHUNK_COUNT, 0,
                                       BPF_PROG_CHUNK_COUNT, 0) == 0) {
                list_del(&pack->list);
-               module_memfree(pack->ptr);
+               bpf_jit_free_exec(pack->ptr);
                kfree(pack);
        }
 out: