CVE-2024-58100

In the Linux kernel, the following vulnerability has been resolved:

bpf: check changespktdata property for extension programs

When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changespktdata property of the global sub-program.

Because of this, an extension program replacing a global sub-program must be compatible with changespktdata property of the sub-program being replaced.

This commit: - adds changespktdata flag to struct bpfprogaux: - this flag is set in checkcfg() for main sub-program; - in jitsubprogs() for other sub-programs; - modifies bpfcheckattachbtfid() to check changespktdata flag; - moves call to checkattachbtfid() after the call to checkcfg(), because it needs changespktdata flag to be set:

bpf_check:
  ...                             ...
- check_attach_btf_id             resolve_pseudo_ldimm64
  resolve_pseudo_ldimm64   -->    bpf_prog_is_offloaded
  bpf_prog_is_offloaded           check_cfg
  check_cfg                     + check_attach_btf_id
  ...                             ...

The following fields are set by checkattachbtfid(): - env->ops - prog->aux->attachbtftrace - prog->aux->attachfuncname - prog->aux->attachfuncproto - prog->aux->dsttrampoline - prog->aux->mod - prog->aux->saveddstattachtype - prog->aux->saveddstprogtype - prog->expectedattachtype

Neither of these fields are used by resolvepseudoldimm64() or bpfprogoffloadverifierprep() (for netronome and netdevsim drivers), so the reordering is safe.