Hi all,
This patch series includes backports for the changes that fix CVE-2023-52447.
Commit e6c86c513f44 ("rcu-tasks: Provide rcu_trace_implies_rcu_gp()") applied cleanly.
Commit 876673364161 ("bpf: Defer the free of inner map when necessary") had one significant conflict, which was due to missing commit 8d5a8011b35d ("bpf: Batch call_rcu callbacks instead of SLAB_TYPESAFE_BY_RCU."). The conflict was because of the switch to queue_work() from schedule_work() in __bpf_map_put(). From what I can tell, the switch to queue_work() from schedule_work() isn't relevant in the context of this bug, so I resolved the conflict by keeping schedule_work() and not including 8d5a8011b35d ("bpf: Batch call_rcu callbacks instead of SLAB_TYPESAFE_BY_RCU.").
I also noticed that commit a6fb03a9c9c8 ("bpf: add percpu stats for bpf_map elements insertions/deletions") is tagged as a stable dependency of commit 876673364161. However, I don't see the functions and fields added in that patch used at all in commit 876673364161. This patch was backported to linux-6.1.y, but a `git grep` seems to show that `bpf_map_init_elem_count` is never referenced in linux-6.1.y. It seems to me that this patch is not actually a dependency of commit 876673364161, so I didn't include it in this backport.
I ran the selftests added in commit 1624918be84a ("selftests/bpf: Add test cases for inner map"), and they passed with no KASAN warnings. However, I did not manage to find a kernel on which these tests did generate a KASAN warning, so the test result may not be very meaningful. Apart from that, my typical build+boot test passed.
Hou Tao (1): bpf: Defer the free of inner map when necessary
Paul E. McKenney (1): rcu-tasks: Provide rcu_trace_implies_rcu_gp()
include/linux/bpf.h | 7 ++++++- include/linux/rcupdate.h | 12 ++++++++++++ kernel/bpf/map_in_map.c | 11 ++++++++--- kernel/bpf/syscall.c | 26 ++++++++++++++++++++++++-- kernel/rcu/tasks.h | 2 ++ 5 files changed, 52 insertions(+), 6 deletions(-)