From patchwork Thu Aug 6 18:29:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Desaulniers X-Patchwork-Id: 247530 Delivered-To: patch@linaro.org Received: by 2002:a92:cc90:0:0:0:0:0 with SMTP id x16csp1746120ilo; Thu, 6 Aug 2020 11:40:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyeqW6dPGKk0QNgU+/4KxxeBjLYUXZS2OwaAq9e6bPXLoGYWHcafjtYCW0TUIQ9uCOEiGMA X-Received: by 2002:a17:906:698:: with SMTP id u24mr5582851ejb.57.1596739219856; Thu, 06 Aug 2020 11:40:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596739219; cv=none; d=google.com; s=arc-20160816; b=FtKfrPt6qczfxaFAEAycbg3uETmR1vobUBkCTZ574QRHuXFvLH+MYn/TK//rHUMWg3 7qas27XEzpdHloPjDvVuxe/H+/RCNOxjV8tXaIOazQm4OILOLCofRAnBH/4MRJVUXRlM TfueIz4LTiykbympqjCV5ElbI4k6h4A+n2CaWCuQ6RyIzGQXMxRrCoRVlFh/NALulWtf 6sWyFWIypnr+dnwDtjWtnssmKVxK9V0Zc4DHFCbFTuiT6KFgVwH6MXEhQV3NUnhKMnT8 3G+PbxqPlpIhy4kJAQYoLFhLS4JaXSa92w4RVvbbFYT3akrQmDtL9hPgz05VLQl6IHtb p42A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=+IG/dxdpIhFOg5NsrzFXy6SAE8mZFW/9Sk3pQFlLR/4=; b=qm1YYclbV3LsQnDu+1O/C+UOQvtBjlza0QUdOwkB/8VC7Hb9Ib0tCvUPWy/+hagaB5 oHrMNmPZvv2qZD1TGFlSXhZBIHAT5sTMkaER2qDckUuoo9QzP53En5tb+omzx1Y5a9eP WYkjxzPLABRLf+h54nKvq+DRowqMtm4CnT78G1LO35dtzUXhi9vMczAzuILuMKIF5Ph0 pWlsR9GpI7QdIohZfiyoEOrFYnWS6nYZHsChQybKvWzEjjopQOGddrTzpAPS0KU7A+z+ LlW0FkQZ85sIwLHs/SiEENqo2hD1wJkc/Ib78Mz+842QiNzEVBrW9idfouEM/Brc4CUD RwVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aqhdeEeY; spf=pass (google.com: domain of netdev-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x22si3749127ejw.73.2020.08.06.11.40.19; Thu, 06 Aug 2020 11:40:19 -0700 (PDT) Received-SPF: pass (google.com: domain of netdev-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=aqhdeEeY; spf=pass (google.com: domain of netdev-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729564AbgHFSkD (ORCPT + 9 others); Thu, 6 Aug 2020 14:40:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58832 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727868AbgHFS3z (ORCPT ); Thu, 6 Aug 2020 14:29:55 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E4F9C0617A9 for ; Thu, 6 Aug 2020 11:29:52 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id v65so14751661ybv.9 for ; Thu, 06 Aug 2020 11:29:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=+IG/dxdpIhFOg5NsrzFXy6SAE8mZFW/9Sk3pQFlLR/4=; b=aqhdeEeYxs4pIJ7U2ovDFyNnuGPXWzRfKQ10Xub61whpV9tbm2cil6TFTO/f1I0asV Jkm5iEj3REOVhxGYnDQDW9Vyad2O2p91LMVYkD1fdaXSuu2OvPO9WG1VrOWStwcbxXzZ AaMCgi88DzldY8DzC5b/E6Xr0eTQvkemByeALsUT2qQW/ovsBZbfkzt0qb0t6wGDSK8q zeV8thFiYRKXT51DfC+CnEFhs9Z1fgeEX3Ea+a0ZEJIREVYuNOhIIE4s+d4oHfAL0TLI 7ppVzqf6bPuxq8Et9E+O1VG9H8UtDwzlOIysJD97bqAaoJhaTLuPtKTLJaTeFyY4k/2J 2+qA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=+IG/dxdpIhFOg5NsrzFXy6SAE8mZFW/9Sk3pQFlLR/4=; b=t7gKHqZ4TP8CIP7ZlFtoBWWIKBqS47BUNoNCmGxDyptZBEstH3mTaLnpsvziHx8toR rsUSwQT2BG7s1mkCaKUmeXGlp3ooOaevNPEg6V+2z7z+wun87zgGjcIDsDqblUP5xWar CHz0uoU3DCgc8ABTXhcK4yXUz5+2IkAtsonpBOIlc/nJFBaFSlMJLQ6FhbDFG6cbu1sS rrQ0r7s3q2Hl1oVunSZhMaYwY/CXPtUJNJPPcB4aUtHMXGpyB3WZzcDnxa3aptD9IgCW QhZ3WefDWW1XLZFdYy1oI1li9ASHC9HtNok9doJUHBtONpgD1hxGv+LofV+I+Q/Z84Ut FOgw== X-Gm-Message-State: AOAM531Uv7vEsKQaiw94lVwKtXppRbRhhr6/W8rC1T7daTusDZaAPG5Q QBijvxoB+u7689WCfXgoM5VravVDmPFr1aSRqZQ= X-Received: by 2002:a25:f30c:: with SMTP id c12mr15528680ybs.471.1596738591183; Thu, 06 Aug 2020 11:29:51 -0700 (PDT) Date: Thu, 6 Aug 2020 11:29:39 -0700 Message-Id: <20200806182940.720057-1-ndesaulniers@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.28.0.163.g6104cc2f0b6-goog Subject: [PATCH net resend] bitfield.h: don't compile-time validate _val in FIELD_FIT From: Nick Desaulniers To: David Miller Cc: Sami Tolvanen , Jakub Kicinski , stable@vger.kernel.org, Masahiro Yamada , Nick Desaulniers , Alex Elder , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jakub Kicinski When ur_load_imm_any() is inlined into jeq_imm(), it's possible for the compiler to deduce a case where _val can only have the value of -1 at compile time. Specifically, /* struct bpf_insn: _s32 imm */ u64 imm = insn->imm; /* sign extend */ if (imm >> 32) { /* non-zero only if insn->imm is negative */ /* inlined from ur_load_imm_any */ u32 __imm = imm >> 32; /* therefore, always 0xffffffff */ if (__builtin_constant_p(__imm) && __imm > 255) compiletime_assert_XXX() This can result in tripping a BUILD_BUG_ON() in __BF_FIELD_CHECK() that checks that a given value is representable in one byte (interpreted as unsigned). FIELD_FIT() should return true or false at runtime for whether a value can fit for not. Don't break the build over a value that's too large for the mask. We'd prefer to keep the inlining and compiler optimizations though we know this case will always return false. Cc: stable@vger.kernel.org Link: https://lore.kernel.org/kernel-hardening/CAK7LNASvb0UDJ0U5wkYYRzTAdnEs64HjXpEUL7d=V0CXiAXcNw@mail.gmail.com/ Reported-by: Masahiro Yamada Debugged-by: Sami Tolvanen Signed-off-by: Jakub Kicinski Signed-off-by: Nick Desaulniers Acked-by: Alex Elder --- Note: resent patch 1/2 as per Jakub on https://lore.kernel.org/netdev/20200708230402.1644819-1-ndesaulniers@google.com/ include/linux/bitfield.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.27.0.383.g050319c2ae-goog diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h index 48ea093ff04c..4e035aca6f7e 100644 --- a/include/linux/bitfield.h +++ b/include/linux/bitfield.h @@ -77,7 +77,7 @@ */ #define FIELD_FIT(_mask, _val) \ ({ \ - __BF_FIELD_CHECK(_mask, 0ULL, _val, "FIELD_FIT: "); \ + __BF_FIELD_CHECK(_mask, 0ULL, 0ULL, "FIELD_FIT: "); \ !((((typeof(_mask))_val) << __bf_shf(_mask)) & ~(_mask)); \ })