DEBIAN-CVE-2024-58070

In the Linux kernel, the following vulnerability has been resolved: bpf: bpflocalstorage: Always use bpfmemalloc in PREEMPTRT In PREEMPTRT, kmalloc(GFPATOMIC) is still not safe in non preemptible context. bpfmemalloc must be used in PREEMPTRT. This patch is to enforce bpfmemalloc in the bpflocalstorage when CONFIGPREEMPTRT is enabled. [ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48 [ 35.118566] inatomic(): 1, irqsdisabled(): 0, nonblock: 0, pid: 1832, name: testprogs [ 35.118569] preemptcount: 1, expected: 0 [ 35.118571] RCU nest depth: 1, expected: 1 [ 35.118577] INFO: lockdep is turned off. ... [ 35.118647] mightresched+0x433/0x5b0 [ 35.118677] rtspinlock+0xc3/0x290 [ 35.118700] _slaballoc+0x72/0xc40 [ 35.118723] _kmallocnoprof+0x13f/0x4e0 [ 35.118732] bpfmapkzalloc+0xe5/0x220 [ 35.118740] bpfselemalloc+0x1d2/0x7b0 [ 35.118755] bpflocalstorageupdate+0x2fa/0x8b0 [ 35.118784] bpfskstoragegettracing+0x15a/0x1d0 [ 35.118791] bpfprog9a118d86fca78ebbtraceinetsocksetstate+0x44/0x66 [ 35.118795] bpftracerun3+0x222/0x400 [ 35.118820] _bpftraceinetsocksetstate+0x11/0x20 [ 35.118824] traceinetsocksetstate+0x112/0x130 [ 35.118830] inetskstatestore+0x41/0x90 [ 35.118836] tcpsetstate+0x3b3/0x640 There is no need to adjust the gfpflags passing to the bpfmemcacheallocflags() which only honors the GFPKERNEL. The verifier has ensured GFPKERNEL is passed only in sleepable context. It has been an old issue since the first introduction of the bpflocalstorage ~5 years ago, so this patch targets the bpf-next. bpfmemalloc is needed to solve it, so the Fixes tag is set to the commit when bpfmemalloc was first used in the bpflocalstorage.