From patchwork Tue Jul 7 21:16:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Desaulniers X-Patchwork-Id: 235025 Delivered-To: patch@linaro.org Received: by 2002:a92:d244:0:0:0:0:0 with SMTP id v4csp1272117ilg; Tue, 7 Jul 2020 14:16:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxB/DNul15haTRam/4nqiBd6zBalBMszcHjvTs2xBnU1FxaVs41DzENjOtSBGlDllXOMHLT X-Received: by 2002:a05:6402:b6c:: with SMTP id cb12mr63940217edb.116.1594156615360; Tue, 07 Jul 2020 14:16:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594156615; cv=none; d=google.com; s=arc-20160816; b=wkHwWT0IkHUsauW9yrTXaHKX+rXMcE+vFhG1zkyqnyiEhSYLm64aZ54aIsJbtjmyF3 YN4HamYhwoKW6i04aR+34CG7Z1beIQE9S82qbrHHyZEBi4yJYGVHDRFWI5LOarz6cp4e O7Lhq6GfK1ufjOnx7wCsfhWNFwxNauo1+Ie8ctlHfLz3ze0O6A8MoZUf9nGEicWGoffx QZ6wkTYJX1Q3JBYoN7JPVcyU4TRz0pschLQrLTuJzPxXkF2UV4zTUl9RPgfaRPqDBijA kCUIZ/x3nEQA4XOwMpQh61qXNP6OtJow1GN+8J3CRXfviCi7PhzkleSqkWhlMPeOMTCy /luw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=LK+EBRynEXsucfX04gFvi+gNnB4EOZ/bB2WzuaaMYIc=; b=OZOHR3gq42EO+Kk7kZxM2MiYW0MfrNnw+TNgRlurRhiFGY84KrZNKwdzhdU0VAljzi xecnHAGNz8oTfz/q5MX3b3Pj05Aduq9F3JM0RQz97TkC2h/F6wjDbqvQIpAB8bt8HDWO AFlHczitX4SZsUU+DYhB7fhBprm8fXVzNZQEjvEcSyJRvUMW1MrmWBSanGC/Adflfkhr T5sZqWT3oN25fJu+AstSYHftMTgBGat+iqBtmM/kuaAiNooQsHADCl/53jeZZSLeZxwx DIHL0ZsbLnjjnmeffXlN1ZkYULRxbZThQ1OcSPPU2/TVNHl8dQ722XFFy6ahMcXWsLh/ oGTg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Rug8tm+x; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b12si13694128edj.296.2020.07.07.14.16.54; Tue, 07 Jul 2020 14:16:55 -0700 (PDT) Received-SPF: pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Rug8tm+x; spf=pass (google.com: domain of stable-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728874AbgGGVQy (ORCPT + 15 others); Tue, 7 Jul 2020 17:16:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728184AbgGGVQx (ORCPT ); Tue, 7 Jul 2020 17:16:53 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A738C08C5DC for ; Tue, 7 Jul 2020 14:16:53 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id t7so34142652ybk.2 for ; Tue, 07 Jul 2020 14:16:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=LK+EBRynEXsucfX04gFvi+gNnB4EOZ/bB2WzuaaMYIc=; b=Rug8tm+xa2icYOqvro5VOiB7Xb1MvWVSdcHzdKmC5ojZ1nEeGXG4Z7+A9IpOHkU3id vZ14aeY8oW8KS5Ms4Y6CcnEvMMZQEwc+KXXJzM7uvknJPWiNLF4FHQh+MLvz5eK9+1WK 2UAS1N5Te+mjL/j3pUa9f+zrdmJxEb2wWf12T6FvlND+IIRhzsmnIW4/SZQ2hGc6GYjy RDRASgQOSHIrzI+59CFyx7vDoXfZ9OoDQObliOx+xsar02qBSpqWD4G4IvCWoOm0jg+U GR+s9JWZ9b2WkUIUCDq6tdDhQ7aR9zUNdO5VOjyfHmebj6JwnfZIBbmQFBZ7md/5ZlTg FdsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=LK+EBRynEXsucfX04gFvi+gNnB4EOZ/bB2WzuaaMYIc=; b=V4+t/1xHX13aG8jKtUTdo0+S+J/qkxbb7S9P6qM9/kTKq5vgkOcL4lQeDXn1lOquBr kM9KjuNVeXLafICdcvSoE4zhl69cqtacIT++qh6oKi3VBTUsQKzi9aAAAAxJeTDSWQ9A jekj5Q0xArWsqxqbMrrKsv0Kj9vMfrOqfHUWHXWJfUKlHfs2MH4fBU2aGhDGam36qc6g J8UjWLamPiwEPMNICMWitzDr08jZ8H+yarv8+HKkm/j5QBUkG5R6emfrBQGgwOZsS5av 6wcWAauW/5auY8neD+2OqCdA0MntwEBEXQD+CCd/LPVw2sOc/nOAEDTBVx1fzxQGq+an GnEg== X-Gm-Message-State: AOAM530QbJB3m/ryHEVCOqzz5YLx2meGHOfKT1WHqoD/ZCilKx/PfdLc rhrfXxKiXZcNFURooWd7cpZumZ3LBtR7MHoD7f0= X-Received: by 2002:a25:21c5:: with SMTP id h188mr36451509ybh.468.1594156612336; Tue, 07 Jul 2020 14:16:52 -0700 (PDT) Date: Tue, 7 Jul 2020 14:16:41 -0700 Message-Id: <20200707211642.1106946-1-ndesaulniers@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.27.0.383.g050319c2ae-goog Subject: [PATCH] bitfield.h: don't compile-time validate _val in FIELD_FIT From: Nick Desaulniers To: "David S . Miller" Cc: Jakub Kicinski , stable@vger.kernel.org, Masahiro Yamada , Sami Tolvanen , Nick Desaulniers , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh , Alex Elder , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jakub Kicinski When ur_load_imm_any() is inlined into jeq_imm(), it's possible for the compiler to deduce a case where _val can only have the value of -1 at compile time. Specifically, /* struct bpf_insn: _s32 imm */ u64 imm = insn->imm; /* sign extend */ if (imm >> 32) { /* non-zero only if insn->imm is negative */ /* inlined from ur_load_imm_any */ u32 __imm = imm >> 32; /* therefore, always 0xffffffff */ if (__builtin_constant_p(__imm) && __imm > 255) compiletime_assert_XXX() This can result in tripping a BUILD_BUG_ON() in __BF_FIELD_CHECK() that checks that a given value is representable in one byte (interpreted as unsigned). FIELD_FIT() should return true or false at runtime for whether a value can fit for not. Don't break the build over a value that's too large for the mask. We'd prefer to keep the inlining and compiler optimizations though we know this case will always return false. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/kernel-hardening/CAK7LNASvb0UDJ0U5wkYYRzTAdnEs64HjXpEUL7d=V0CXiAXcNw@mail.gmail.com/ Reported-by: Masahiro Yamada Debugged-by: Sami Tolvanen Signed-off-by: Jakub Kicinski Signed-off-by: Nick Desaulniers --- include/linux/bitfield.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.27.0.383.g050319c2ae-goog diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h index 48ea093ff04c..4e035aca6f7e 100644 --- a/include/linux/bitfield.h +++ b/include/linux/bitfield.h @@ -77,7 +77,7 @@ */ #define FIELD_FIT(_mask, _val) \ ({ \ - __BF_FIELD_CHECK(_mask, 0ULL, _val, "FIELD_FIT: "); \ + __BF_FIELD_CHECK(_mask, 0ULL, 0ULL, "FIELD_FIT: "); \ !((((typeof(_mask))_val) << __bf_shf(_mask)) & ~(_mask)); \ })