From 249a240f56f88e69fe97cdcf8fb614ade2251958 Mon Sep 17 00:00:00 2001 From: Paul Chaignon Date: Sun, 19 Dec 2021 20:59:43 +0100 Subject: sys/linux: support callback BPF functions Commit [1] upstream introduced a new BPF helper, bpf_for_each_map_elem, which comes with callback functions (BPF programs). The callback function's address is provided via a 64-bit IMM load instruction where the first 32-bit of the immediate value are the offset from the current instruction to the start of the callback function. The 64-bit value is then rewritten into the address of the callback function. Callback BPF functions are similar to BPF_PSEUDO_CALL functions, except the offset to the function is converted into an address to be passed to a BPF helper. The same workaround is thus used to encode the offset in syzkaller, given we can't currently limit the offset to the program size. 1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69c087ba6225b Signed-off-by: Paul Chaignon --- sys/linux/bpf.txt.const | 1 + 1 file changed, 1 insertion(+) (limited to 'sys/linux/bpf.txt.const') diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const index 83ff643d5..5f8cf4c07 100644 --- a/sys/linux/bpf.txt.const +++ b/sys/linux/bpf.txt.const @@ -192,6 +192,7 @@ BPF_PROG_TYPE_TRACING = 26 BPF_PROG_TYPE_XDP = 6 BPF_PSEUDO_BTF_ID = 3 BPF_PSEUDO_CALL = 1 +BPF_PSEUDO_FUNC = 4 BPF_PSEUDO_MAP_FD = 1 BPF_PSEUDO_MAP_IDX = 5 BPF_PSEUDO_MAP_IDX_VALUE = 6 -- cgit mrf-deployment
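Review bot: The added line `BPF_PSEUDO_FUNC = 4` only defines the value, and the commit message's caveat that the offset cannot be limited to the program size is not recorded anywhere a reader of the descriptions would see it. This view is limited to sys/linux/bpf.txt.const, so I suggest a comment in the description that consumes the constant, stating that the encoded callback offset may point outside the generated program. The context lines also show BPF_PSEUDO_CALL = 1 and BPF_PSEUDO_MAP_FD = 1 sharing a value, so the new constant should appear only in the flag set for the src_reg field of the 64-bit IMM load, next to BPF_PSEUDO_BTF_ID and the BPF_PSEUDO_MAP_IDX values, and not in the set used for call instructions.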
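The encoding the commit message describes, as an added example that is not part of the commit or of syzkaller: it builds the two-slot 64-bit IMM load with src_reg set to BPF_PSEUDO_FUNC and checks that the offset lands inside the program, the bound the message says cannot currently be enforced in the descriptions. The local struct copy, the helper names and the 8-slot program are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Local copy of the kernel's struct bpf_insn layout (assumption: copied here
 * so the example builds without kernel headers). */
struct insn {
    uint8_t code;
    uint8_t dst_reg : 4;
    uint8_t src_reg : 4;
    int16_t off;
    int32_t imm;
};

#define OP_LD_IMM64     0x18 /* BPF_LD | BPF_DW | BPF_IMM */
#define BPF_PSEUDO_FUNC 4    /* value added by the patch */

/* Hypothetical helper: write the 64-bit IMM load at prog[idx]. The first
 * slot's imm carries the offset to the callback; the second slot is zero. */
static void emit_func_ref(struct insn *prog, size_t idx, uint8_t dst, int32_t off)
{
    prog[idx] = (struct insn){ .code = OP_LD_IMM64, .dst_reg = dst,
                               .src_reg = BPF_PSEUDO_FUNC, .imm = off };
    prog[idx + 1] = (struct insn){ 0 };
}

/* Hypothetical helper: return the callback's instruction index, or -1 if the
 * slot is not a BPF_PSEUDO_FUNC load or the offset leaves the program. The
 * kernel verifier counts the offset from the slot after idx (idx + imm + 1),
 * as it does for BPF_PSEUDO_CALL. */
static long callback_target(const struct insn *prog, size_t len, size_t idx)
{
    if (idx + 1 >= len || prog[idx].code != OP_LD_IMM64 ||
        prog[idx].src_reg != BPF_PSEUDO_FUNC)
        return -1;
    int64_t target = (int64_t)idx + 1 + prog[idx].imm;
    if (target < 0 || target >= (int64_t)len)
        return -1;
    return (long)target;
}

/* Constructed 8-slot program with the load at slot 1 and destination r2. */
static long demo(int32_t off)
{
    struct insn prog[8] = { 0 };
    emit_func_ref(prog, 1, 2, off);
    return callback_target(prog, 8, 1);
}

int main(void) { return demo(3) == 5 ? 0 : 1; }
```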