From patchwork Fri May 28 10:37:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450031 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83F64C47095 for ; Fri, 28 May 2021 10:39:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5918D613B5 for ; Fri, 28 May 2021 10:39:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236654AbhE1Kkh (ORCPT ); Fri, 28 May 2021 06:40:37 -0400 Received: from mx0b-0064b401.pphosted.com ([205.220.178.238]:37580 "EHLO mx0b-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236590AbhE1KkZ (ORCPT ); Fri, 28 May 2021 06:40:25 -0400 Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SAcXlT011402; Fri, 28 May 2021 10:38:33 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2105.outbound.protection.outlook.com [104.47.58.105]) by mx0a-0064b401.pphosted.com with ESMTP id 38tfbh8nsn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 10:38:33 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JtIUCNdvEHEyaJgR9gltVCwyvdBt5fLXkgxKjteL+iGbzu+OOdsckzDTOUy9dVV5OsyFZZvwFuzcH10AasRNOwvgIAPiUWzjE02o4Hs4NLLCGDZSR6pHcgfX6LnF3qGq+ODtQ875/ZsHBtC/PZoxAc5QM5/EihQw5TsEldyeCk6evan/j5Yd3ye2IW04PSrZS/J7Bd1SivEG4TSKsNIlhEMo1gjNzE49AlUvhtqa1szFrQG3gefIfXXRJ21C1eAaQ3+YxmdPOv+gFt8YMiIbSi7MSVb81KCuM9RcVuBDMurJWsI24Exwlkv0VCiq5rFnGrXDicI9XjlT+qCFYbfDqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UZFtFZQ19dtiGu0q4A91o88mfw7+X77N4k1AxGl1Uog=; b=mWa8oXkWbLcQuadmbdAr7t1EvOrOEDyQogAcPynml78iEFg2qIiLdr9x3adRZ2rRgpSsmxsvyjLN58EkR3OVgdGau9JCvo6rT7PuaHEuG6xG4wGYStD02Sj7FAQ485wPeuU6HWhEuqQKKxCoPqhGlcXjQMA2y7wdlXsd91l3FsYyBsMo79Y4CpuXtOAT7sPXEh427VaAl1flPOQCH9awAbCbyBdCDBwlCOwbn53LMBJVqzCVag7veK7IgtCMBhxGZUdRBxJcj1wJ9MUb5MhqJXvj2Su+7p8x01ge1JTvl3uuCjQ5oRks8pjrJzD+fzYgOQ2Fr8W+gtFbji4eBhUb5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UZFtFZQ19dtiGu0q4A91o88mfw7+X77N4k1AxGl1Uog=; b=GmjUMDFm5kK7uyJXcZQs9122CE5r2QvI9hBfYMp1+cc26JUxr6E2aOnxSXLze2FHJFKzDNZz8R9QW/I7us/ZaZyRwIuTiz0GejKjsdWzwVN1i5PbWE7zglFBMzEUMgKdyL7cnzKBe6e7+b1Rq1t5uOymjab57LHYU18fzgIzKoc= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN6PR1101MB2097.namprd11.prod.outlook.com (2603:10b6:405:50::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:31 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:31 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 02/19] bpf, selftests: Fix up some test_verifier cases for unprivileged Date: Fri, 28 May 2021 13:37:53 +0300 Message-Id: <20210528103810.22025-3-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:30 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 546c8293-68b2-4128-af4a-08d921c4bcd6 X-MS-TrafficTypeDiagnostic: BN6PR1101MB2097: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1060; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VzcCnIYGAzzEOvSHMhJyY+YDUj2hsZT1rh/hUGK78iVT3qek7vuapsZOCuFYSGDIoQBVqAQaIuqINrgqKzaD8+gfjlpnncgiTV6EQ5PbwB4Iv6zNt2+xz2KCxawuvP2r6G3OnQuBX4gRB7farYPgZ7dY6XjYFcVqlWU72Tb9KfbsZdTzuB/UYOl4ABF20MiuJPtZnCqQP647wkXZNH9KnQd4fYuphE+ELv9cyimt81MYq1LJmK08dCi+nm1gPGlsGHOhCibVe3jZ3ExbBlJWYVFYFJ4BtxxTRe2fMZDPZSXAXYdmdWIUeS50mrMyTNz91Wnbg0jT/5VXtVBSWP+jpmefptM8BtBO7URta/XAuNPwF5VQm/njC79wM8er0cVx0HLhXOVY1SbKCCKAr25vNcBAqPZS0qsLOjJi2dNguCN6TPioVdwRtuPYxIVztGor0BedvYNc3qdmMh1dRtxGswiMuWA+WPZ0VHdXsGxVOAqmH+Tw8ePfuKxGi2K9tvP8trCbHMlvPm/nNNS+VB7bLYE04h74i9ggFvv9MMe/ggsdUE7qQJReUdG6zZUvag1lY3fR7ht93eLwXsN0BXMKvFzf0haa3xqE0XrHVJQZJwsYlfXyMV/+R5VNDNVox1bQlmH9yGJ7BPd4lMjBR/4X6w== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(39840400004)(366004)(346002)(86362001)(478600001)(2906002)(6666004)(38350700002)(38100700002)(4326008)(6512007)(66946007)(66476007)(66556008)(316002)(8936002)(6486002)(52116002)(1076003)(5660300002)(956004)(26005)(2616005)(8676002)(16526019)(186003)(6506007)(44832011)(6916009)(36756003)(83380400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: RFyr/usDKseozWR94zD/dJLUq6aZ4sNICi1UFDvilSze4wz3Asg3efXSYnmqr0VbcRC6w+k2WVQqyCWv6u5F1ORJap9vQw47LboMRT9Bo0eAFvYY6MGi4yHr4nfwtM5V+fy/iG93C/hPx8yZWmDBmYm6TWOjsbiaH1ppfV/TaJ5IERtqjrInUJW/ITWqLFA7tjHx0D2ZcSAhibHaqD935rW/WN3Wl2uxHpQXcOW2O6mAMAXdwv7p3PAPVA2UxVo6PCIQfQHMv+tuCHUdduPp4EL5hXZP/209MOv4265bPnahFbEkRxWdcFuQuzSyRxRIIAKxP7QqF7TsjTmKczlswchVvviOwrgFFonV/cdb0X9Rrz25IUghhFvCSKNDfaqAMlbxaahkWg3z12QMGFLoIATlZSYt/aLmM8O+fdfvEj2CGNqo5sHNzXliQ1KW1pl4FG8g354I3aj+VjBS4g10mrZ7Zu/hJBWtclwFEhdwfS98c0TWhCe3KznJSPBTShUJyhBp0ZgZ24QiYBHEFbbZK9mkOXDrwvn4sxENQqHpSii4JW4eg7DLxKfg5RH6/7eTwXPSBW1QCDvIT+m9uG1IAJC8Bp5rgiHZa3EFeVgcvJb4h1AvRTYhcUrsT6ReMeU3hWNq4GHzaWIUs53vpjpul+/GNvddXzk5Y4ZdhVQiQ+6PSGvkT0p+7Q97HMJAFeVpgJ2lF5Mi+lY7g/n2RqMsnRqSdxpiYbhzjDA7u3bDHlERIOmHvbQjLOWAevr8r22/Xu8VqlM9QUSumkxYNgw3dVJKrA+Y53w0mcykfjnm2g3URij+JhlR/dV7Rxph52lUwQ/NKYQML1rjAPmHjMi79TQOtliT8PwRVUc22tJMDWnpjZC/Kqvf+/TWwRd3niTO4wEXmvDt6uUq385jwDHAmdpHcR6E1IccbEV05KNwOWL06PEYcTq39wBwj51D9tyNPA7N8CsnjkRRAuCRK8Av9T92Cp1UyIc8CIRerckq8zq4UWnqaJMm/2w1TroDx8/HMkEhfjSz6xyY7CiK42XwDV0XYOA7JReYW55zQzntpwY3rqIpfRulmmZ1ccRAV+q3anXAwBP8SazlK9glpq7AiKjQypB03YRVMqpU6iVT8ICo5ZYMS+/XwNzKwdntYW4FNaMerKuNZ4xgLEgxVDs7Ro1fChwWQjP/6e5iZnvYizkZyXUa3pS9ZIv35hoXH7ZPqzqnSSwM8ePZ9r/uFsAbZFvyIxO/UBO8pccJXfqfzGiKoUS/QWyY4S/f6iBp0u8guyFw0KCzYAOBVK4sJHyu4vzmKAP7aKBR70kMPOd/xi6oEnFTEwAT5uHQ0S7PFpBY X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 546c8293-68b2-4128-af4a-08d921c4bcd6 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:31.6707 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 1wWCnGkkBcCjFjmWQIq3M2ZomXxpPqREKAbFawaqADSLiWiFWdTrD6+ofFjD4lf07T9WL9O/kTQ58+0S3ihVQPaK42iq4TBM1ay4Br1mMpg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR1101MB2097 X-Proofpoint-ORIG-GUID: rcu0JJm-mhB2CxpfCTdztvKB-X-Bsz7Z X-Proofpoint-GUID: rcu0JJm-mhB2CxpfCTdztvKB-X-Bsz7Z X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 phishscore=0 lowpriorityscore=0 mlxlogscore=999 malwarescore=0 adultscore=0 spamscore=0 clxscore=1015 mlxscore=0 suspectscore=0 impostorscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Piotr Krysiuk commit 0a13e3537ea67452d549a6a80da3776d6b7dedb3 upstream Fix up test_verifier error messages for the case where the original error message changed, or for the case where pointer alu errors differ between privileged and unprivileged tests. Also, add alternative tests for keeping coverage of the original verifier rejection error message (fp alu), and newly reject map_ptr += rX where rX == 0 given we now forbid alu on these types for unprivileged. All test_verifier cases pass after the change. The test case fixups were kept separate to ease backporting of core changes. Signed-off-by: Piotr Krysiuk Co-developed-by: Daniel Borkmann Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov [OP: backport to 4.19, skipping non-existent tests] Signed-off-by: Ovidiu Panait --- tools/testing/selftests/bpf/test_verifier.c | 42 ++++++++++++++++----- 1 file changed, 33 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index fef1c9e3c4b8..29d42f7796d9 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -2837,7 +2837,7 @@ static struct bpf_test tests[] = { .result = ACCEPT, }, { - "unpriv: adding of fp", + "unpriv: adding of fp, reg", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_MOV64_IMM(BPF_REG_1, 0), @@ -2845,6 +2845,19 @@ static struct bpf_test tests[] = { BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", + .result_unpriv = REJECT, + .result = ACCEPT, + }, + { + "unpriv: adding of fp, imm", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 0), + BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8), + BPF_EXIT_INSN(), + }, .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", .result_unpriv = REJECT, .result = ACCEPT, @@ -9758,8 +9771,9 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", .errstr = "R0 tried to subtract pointer from scalar", + .result = REJECT, }, { "check deducing bounds from const, 2", @@ -9772,6 +9786,8 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 1, }, @@ -9783,8 +9799,9 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", .errstr = "R0 tried to subtract pointer from scalar", + .result = REJECT, }, { "check deducing bounds from const, 4", @@ -9797,6 +9814,8 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", + .result_unpriv = REJECT, .result = ACCEPT, }, { @@ -9807,8 +9826,9 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", .errstr = "R0 tried to subtract pointer from scalar", + .result = REJECT, }, { "check deducing bounds from const, 6", @@ -9819,8 +9839,9 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", .errstr = "R0 tried to subtract pointer from scalar", + .result = REJECT, }, { "check deducing bounds from const, 7", @@ -9832,8 +9853,9 @@ static struct bpf_test tests[] = { offsetof(struct __sk_buff, mark)), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", .errstr = "dereference of modified ctx ptr", + .result = REJECT, }, { "check deducing bounds from const, 8", @@ -9845,8 +9867,9 @@ static struct bpf_test tests[] = { offsetof(struct __sk_buff, mark)), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", .errstr = "dereference of modified ctx ptr", + .result = REJECT, }, { "check deducing bounds from const, 9", @@ -9856,8 +9879,9 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, + .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", .errstr = "R0 tried to subtract pointer from scalar", + .result = REJECT, }, { "check deducing bounds from const, 10", @@ -9869,8 +9893,8 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .result = REJECT, .errstr = "math between ctx pointer and register with unbounded min value is not allowed", + .result = REJECT, }, { "bpf_exit with invalid return code. test1", From patchwork Fri May 28 10:37:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450033 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23AA2C47090 for ; Fri, 28 May 2021 10:39:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0BF8A613B5 for ; Fri, 28 May 2021 10:39:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236603AbhE1Kkf (ORCPT ); Fri, 28 May 2021 06:40:35 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:46590 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236608AbhE1KkZ (ORCPT ); Fri, 28 May 2021 06:40:25 -0400 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SAaPMd004646; Fri, 28 May 2021 03:38:35 -0700 Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2104.outbound.protection.outlook.com [104.47.58.104]) by mx0a-0064b401.pphosted.com with ESMTP id 38tqu5ra1t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:38:34 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eRI6keoGm/dXKfsAd1nJHgwUfHp50Pm2rWTW92rTMgf/2zn8Sp5C7wJGJuTzrIVidTJfUv1C/wz0PQhtjTqfVK1EbsPVC+VI49JCWTfF3gHwpq3xBwNUa8drJ2bAuDhJ2Qr+GTxr+NpuoOY596Oyrx0n9EOrZDEtepXarfru86qkms/Ay48khbgnKdoE+psAzw92EiJLJVh/2+16GQlniMyygXB/cuDnbdmtUW90wSirygu52SLu0xt0/JMJPx+i8+hfm/jfAOcga0crP0hEx8ZTORIbc4pAMnC2j+n5kgxQizS+4W/nMEWuSh/3WUU7wA2L/HoS9O9PMZw8Ok3/iQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xRmoQRVmrgXAjw29R5fGwGAKf7Spg0d+6ui2tLZYW10=; b=jI/kjfYd0EaIWDTjHJcLr+FNNslXxzUgbN3WFvzTgGi7jL/ahfibJzXN501icJEfT8R1A6r94mWNmOTACrZ5zSNEvd8p06BUgdOVVo+0j9lpDtNpMliQMg19Iajg7eK4+kG26NqtfQQWhUlYp5SF+uKn7tc2PhnNRFI3eCsqiYV/CTRAepXKHXhuKP4Z9ivf43cTzoNvAf3fDPubafIF3WH82F0icG4K2pYCjvA6ic+x6e4YvUYOs4zyzcnEpIaGJ0hNmJp392PBT2TXtAAF4nVVWoxombAn/TYTtGYcJgirf18LB3xyWC7URHZ1CgLsov9yOIlPnij2oZe86vWq5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xRmoQRVmrgXAjw29R5fGwGAKf7Spg0d+6ui2tLZYW10=; b=IgHyIH3iHXNafuuAOiK5oNV63PSTYZpB4MWHTgf1JZX60Lz8TqiRNFBhh3nrjx0HARG6w+u/VdAB4z9rOldjlBhrh9z2XUN9o9T83NKxv1Ob2C6zdG4onbap5DYvWPtRNnLNxLn6xz+gCOB/gfFdzr1bh79cQXZUuoJ9NmhvMEA= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN6PR1101MB2097.namprd11.prod.outlook.com (2603:10b6:405:50::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:33 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:33 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 03/19] selftests/bpf: Test narrow loads with off > 0 in test_verifier Date: Fri, 28 May 2021 13:37:54 +0300 Message-Id: <20210528103810.22025-4-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:32 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 85c01f51-ff58-418a-2fc3-08d921c4bded X-MS-TrafficTypeDiagnostic: BN6PR1101MB2097: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:121; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 0DHIGv9IsICCeGz85ZIYHJ8HXI6JK6Ih4TeVjVu5XFcofwL6tSwrdGHQ2bdcogJSRKWiR5Fh9ae0gCwsZU24sdo5X0VixRNRxPMyxIJ/R1R2pYeMcT10EO2pfht9hx56d4gVExFkn9nfsjPpy+ZvVqjHDZSbhjpLA8XpNBR3D8Pxt2Wsv3dgv0e5v4Y3VYiJQaz1pB6BujByb4mRLRfsKm53Jd7BlVuJvKU/1WBqW4fgpm5Hdnwb4712jPBfi92kKBD0ooGnBPCNP2AKEOMeW8air9NgDzNEb0Cgjn0ZcGvT23TnE/sCg0N0gdn1Dx9PkA7GW8zaGpVZDUd2TZnQSHeguh8fvX8DpzRJJG5u8zDuZkDZgOXdGVQiGebRg9mwX5kf9udEbDhO0kDksVDuEU3NRIsX77/iMCqYL/sr6hrWynOI4XWUwnX7V3CZgL4kwmYfpTNRzRF2jx/pgqLuM8NF9w032PmntwnhDcg7PCvjxRqvn7tTyc8PSyUSgXYXjQEGAjG21y9T7HS2+8GCQZPZLEZ65S9nUbsD7O7+n3V85VkYPYV5VzfXVygQxAGl9ZhYaMKhUZDLHmPzoDE6U/1e7k3kd1cLM3Kbp7m5GNGj988Livrs0wZZL9QbZSHybtlZCgdDOjce2HezcQHTfw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(39840400004)(366004)(346002)(86362001)(478600001)(2906002)(6666004)(38350700002)(38100700002)(4326008)(6512007)(66946007)(66476007)(66556008)(316002)(8936002)(6486002)(52116002)(1076003)(5660300002)(956004)(26005)(2616005)(8676002)(16526019)(186003)(6506007)(44832011)(6916009)(36756003)(83380400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: SktyY1+r6SZHhKwKoqKu8p5Czry05t0G//L5tX9G9Dz9sToSdJSnmc+SlLJeTI7o+KU/PbPasq1DwOUGtZ42XD0UKJ40VFouyFSNOtXAUWflZXBYgIM+2H/RFKTOLF+m/GdYRaSG+ZpxtS+Yxura4J5+YD5c90rYBeOTrYhrG2T/VFGn9RokrqtX7uZsrfZy4+yYxYDQr9Pmz0fdGwg4iKGnVxAplcG9uTNXazzKeWDNsa/BEEJvCe7FZdwsM1VFSZMqzl7EWzfHBFMHg1CC01hngYq9zCHSlT3qcxcPFH3PqYXXtx6O38P3OuJ2I4o+k6LCbqYpROefQj7FMs5FuNwyWxR1+OdqG2gzlbl/YHH8oFdUUf9YzTdbemnFjto71dA09JGQp8WASPDDMyMUkEA5Gv47cx619mU+QnfzyzwAjTM3R3PB3CDhIIMhJFjZtnVac6I+BX1HKmLziNqtAqEXzhkf6SwVdYodka39V2POd6DBAD7z2hkDcW4ARmyhR0FZyUr1y7GQJScnx5OFMC3Op2qiLWCBIXzYvrranSkaSmbRkoETjQEJEoM8H6kXuZaH+Vds9z2abrFfJVuLNmU4QsIdynlrsecdG/U8a4/YO5DGUdQEb7nKpoq319foROLtgXldD8Pq4AFPDn9ZeTPUqLpYPy4FTLr3A26m+NqNfxtn7EoNYvVWtXd/xF4dM769wr4tgnCgM6H/yhDkrAGJG88YkTmL9VjgGovWN1hc1w1zGk7z4RnS7kr2rNSPf64ojWpA4SP+Gvct/s3hgZxfSeMGX34Z1ofBjCxXpN5Updb8CWFZpvV6veV1jnTU30Suv9O/GD67YMG5pUPEC8bUPGJ/xYKSDIv87AauOM9VW+8EYrmz+kQoDghZwvdvtxXYCa6BM5GjIuMUeW/bxqN1Csjx8u30JqA05GyF5AQupLePHaqW0iNh5Uxg/w6lXk1N0W0RDD6pRL4jrzJq6F1stChOz9t8KCJOnwpWwukbTLUqTGEpdXe8de9/j4HT+whnGDyAUiGJnTX5xeHcONv+Zk/PQsNnVbUWomAuY4fo9IbsG2T3cPWTUDzPOzTKetrC15nHEet++CFB023MAuDPXCh06OMZMRP2N7/MWaB+EhqHP7wIPNarGr0kk1NgEQ6piWzN08sD2S+CXLq2/P3M38XOyH6GeZ1wQhp72kWuTraCPBo4zGgqhvzmbRt0cZWBxBbKb0U9Lzs2TJq7I5lyge3fkGgYInEatEJDYj04noSoU31VaM6w3zi5qw43lmoUDnUOfKgdblWwVlchn/pdYeRO3UuOjG/TaqoxeG7qklkBra0B5dB9aFSxrinv X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 85c01f51-ff58-418a-2fc3-08d921c4bded X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:33.4909 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fH9r1UBwwpz/ysv2TRIz4qvJUm+OYUtZjc8B2XrUnrBKyal7KK0qdW3XIpMDg7GgXkO5ee7Nl/+YmAgjUPR30DATP2lxWALonDXg4hR+R7Q= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR1101MB2097 X-Proofpoint-ORIG-GUID: 1pnuoV-cOfeMHnQf-ZDQYK52KN_Iu2dI X-Proofpoint-GUID: 1pnuoV-cOfeMHnQf-ZDQYK52KN_Iu2dI X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=880 clxscore=1015 phishscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280069 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Andrey Ignatov commit 6c2afb674dbda9b736b8f09c976516e1e788860a upstream Test the following narrow loads in test_verifier for context __sk_buff: * off=1, size=1 - ok; * off=2, size=1 - ok; * off=3, size=1 - ok; * off=0, size=2 - ok; * off=1, size=2 - fail; * off=0, size=2 - ok; * off=3, size=2 - fail. Signed-off-by: Andrey Ignatov Signed-off-by: Alexei Starovoitov Signed-off-by: Ovidiu Panait --- tools/testing/selftests/bpf/test_verifier.c | 48 ++++++++++++++++----- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 29d42f7796d9..fdc093f29818 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -2002,29 +2002,27 @@ static struct bpf_test tests[] = { .result = ACCEPT, }, { - "check skb->hash byte load not permitted 1", + "check skb->hash byte load permitted 1", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, hash) + 1), BPF_EXIT_INSN(), }, - .errstr = "invalid bpf_context access", - .result = REJECT, + .result = ACCEPT, }, { - "check skb->hash byte load not permitted 2", + "check skb->hash byte load permitted 2", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, hash) + 2), BPF_EXIT_INSN(), }, - .errstr = "invalid bpf_context access", - .result = REJECT, + .result = ACCEPT, }, { - "check skb->hash byte load not permitted 3", + "check skb->hash byte load permitted 3", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), #if __BYTE_ORDER == __LITTLE_ENDIAN @@ -2036,8 +2034,7 @@ static struct bpf_test tests[] = { #endif BPF_EXIT_INSN(), }, - .errstr = "invalid bpf_context access", - .result = REJECT, + .result = ACCEPT, }, { "check cb access: byte, wrong type", @@ -2149,7 +2146,7 @@ static struct bpf_test tests[] = { .result = ACCEPT, }, { - "check skb->hash half load not permitted", + "check skb->hash half load permitted 2", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), #if __BYTE_ORDER == __LITTLE_ENDIAN @@ -2158,6 +2155,37 @@ static struct bpf_test tests[] = { #else BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, hash)), +#endif + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + }, + { + "check skb->hash half load not permitted, unaligned 1", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), +#if __BYTE_ORDER == __LITTLE_ENDIAN + BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, + offsetof(struct __sk_buff, hash) + 1), +#else + BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, + offsetof(struct __sk_buff, hash) + 3), +#endif + BPF_EXIT_INSN(), + }, + .errstr = "invalid bpf_context access", + .result = REJECT, + }, + { + "check skb->hash half load not permitted, unaligned 3", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), +#if __BYTE_ORDER == __LITTLE_ENDIAN + BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, + offsetof(struct __sk_buff, hash) + 3), +#else + BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, + offsetof(struct __sk_buff, hash) + 1), #endif BPF_EXIT_INSN(), }, From patchwork Fri May 28 10:37:58 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450030 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10A9AC4708F for ; Fri, 28 May 2021 10:39:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E6732613B5 for ; Fri, 28 May 2021 10:39:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236564AbhE1Kkl (ORCPT ); Fri, 28 May 2021 06:40:41 -0400 Received: from mx0b-0064b401.pphosted.com ([205.220.178.238]:45170 "EHLO mx0b-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236450AbhE1Kkb (ORCPT ); Fri, 28 May 2021 06:40:31 -0400 Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SAbdBc005736; Fri, 28 May 2021 10:38:42 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2105.outbound.protection.outlook.com [104.47.58.105]) by mx0a-0064b401.pphosted.com with ESMTP id 38thqe8hkd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 10:38:42 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JvWQV/rG5kq4Y2ZQVZqXN7+4sakh/JEPi16eUskN0NFC3335uTaeALuGCF5yr3VUAEAcn9Mdl1e3MGDlqyn53T+zSImF7tZMvf8shgk5aRAyk692WBPu7vXJGuuTvMzX4gQ9QGtCyrFu47PxI00pCWsO65qbeXSW+CX9CYSm1I6mp+i3AR/cmSROm1eTd7dVWqo1/e7ynK9SSP+lp3zHl2aQxoWIfXkEgoZRkjKB/suLo7AXp6wx39e3jPD7S32lOTUeqlQx26S4HbVyIJq0bZHbRkT5qEVLp4wlunBsEKzahJh8j3KNdoTS95tXDp8K+zxNJckq3oVpm16+xYVDVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k4qT7noI1OEzVYrPoKVIu5aFwxO+xcd9frlrQtHDc0k=; b=U/yITiSAUrV7mGOJb8s0wrrLmUomn+zbYUKiuFi53mnOd6RayfRXD4UP4HqQ7qY3YIC01pEgQ9a6iiQa63vR3dJ9yS3N3ZSM4R2AJzlVQR4E1jMJWqHUo0yCsOEYeQ069LZ86PB4+oHO1jwgYlULxazH8QDYkkhMfLeefDr8NDOQglpoZGEJ+Igu99no6ZOTQ1xmXx2ZOmPwXMZi9GUD1arvFPvqmUUv1fK42epcX6/oKUQss36waIMBff9be5Ec7gn1szme81n/1IGSqxI2Uu4Swpx2mDAo5KT9s5tlUEb9IrLsXA1fXbWSuWNSJ+pbfgzT+GN2k77GFL58zYohpw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=k4qT7noI1OEzVYrPoKVIu5aFwxO+xcd9frlrQtHDc0k=; b=IMJLu3AN/NEO6tkW/mpN9pAi9Kc1+JVGWmhHzhb3GR+gl5iMNa4OcyOrNAfFD6kkkc1afRJ0Uvlqdg+/sAlG0B6EdCHXB5hb8SYyQgzZC5XQyEQSmVwitPc6Fa0vrk4ZIomhpn/PoQVAFCvgho6VbJN3gLCi5EiDnvbhPzvXRU0= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN6PR1101MB2097.namprd11.prod.outlook.com (2603:10b6:405:50::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:40 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:40 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 07/19] bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test Date: Fri, 28 May 2021 13:37:58 +0300 Message-Id: <20210528103810.22025-8-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:39 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ee65c974-4dc7-4953-99d9-08d921c4c244 X-MS-TrafficTypeDiagnostic: BN6PR1101MB2097: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: DL3QqXRIOBOjKgRfFQr/j3DXQsPaylcpCsX9dWQ3+okTaaf5diH93VRFW53Z4nrS+MEQzrEsdWecs/BG+zRv/aaWqlCyFXzOek19UjOQgXa1B4JrRLjUsdb0IdErSctmOpz55LZFYiPvoRHO1ZaRHFHzWLZ6aO+1De+eVNP/eBV+b8wehgeVcjYGZDBHW7qDaeF4mArjf6Ie2/BTw69VKLhhU7wIo7Rnou/s0v1rfSOluE4NlPA6flyJbSVdmcDY5Ij9AMWQCEln4N/s6tM/iL2hOYDo8kOqgteK0z4oNNmi3P6e1ybxNk6xjRHSNfVs6QuY7TWgsN/t6tYF5YxAHv6Fon5r9H2qeAi2Dow4fbb5ivisuXA7epPeQIiKCAS3aqV9oi9+cfjB4DQCsuFA0ZGq0RLVRAl+96oW2dWIrD/8BPjWoOc25NabxhjF9F9+8c+9Z205iipv9XZDU3a7aMp+IrpK9qyog1lwNoUZvfI1do6XlDpPUpgbqAyyxypXzD+J8JuKnSnXaFT8ARmmvnXb38Dw/HoYL9BWJrA/SU/LfOE9FlJGnHzaPm/NvWoRdhI+C1LR+Hj1AnqG/wB+KlGIzNIHuH8Q+SWl5mmp18NgVuFhrhG+sPmnY+BEIxlKchglOssdWkTWCNjd7AV1Bg== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(39840400004)(366004)(346002)(86362001)(478600001)(2906002)(6666004)(38350700002)(38100700002)(4326008)(6512007)(66946007)(66476007)(66556008)(316002)(8936002)(6486002)(52116002)(1076003)(5660300002)(956004)(26005)(2616005)(8676002)(16526019)(186003)(6506007)(44832011)(6916009)(36756003)(83380400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: dCcetdvs0UMkRq6ZL3Yal128xuWdSNij4uphe4v+m5ZYdUXV8lwVn61n0mZyN+URBEnuvxIoK4xBA65oTN0l2N0qZkloLaxPloGYpvf+tn72fxatdz+bcQu4J7EypcDyOmo5OyPgv9g0SccC4AZb6L8Vtku0JiwbobwHLtFtIbsfm23jW7xdY8Vmu0J6hT+P4BXdo+QI5fGeYpi+YofrSogCCBaXXnTYIz2BnlTDWwJvlOWva6tkrkSDladX+032GAy1QKi1CRORCY8uWPoq6idFof3JejNWo+/nQTCjpweJEu0uysUqk1NDo8JE0Nc14rrNRRhXEHDOBAKHoWbc9+7QmBy/fdC55asH8abAZBcOBsptHPMwI6jVtUZdLwpLcK0bVZvJIjyfFK2isB3PsBU7pSAetTnzEbJjH3mUQBZOkOjsK3ou1fwbJlhTqk3INdFLcGlJzFnC7y4+MGU0guoo/RWYNuF44bwEzg92imcIpU1y3QRXWkyO/GQ7c/D+6pmRykmulViA5o4+mHpdhlusozaRh5H6cpX3Pr/VWmW8jV4YSaQNxFyKwChgufy6ZpuEHhEdI73324YeogsucI73TQ+lxnw2y7toEmOsaUlDaf/nnn35SpkheFZLq+OvK72X7gSSDZVuTEcThrFag1LJ7J13qi+asE4cJ/Q1pUXPa57QbqgCz7sri1tXUqp9mBnU9WgLmtjiySAqVmEDzPxFt1Jflqal3ouuOFkFUMkVf7DX3MgZPd0zlfKJVEZeqS+AnbST2JFOnzYEuxRQGr0kyehJHon2tmg3VkyWgMz0Xu7DRosu3rjQtVvoWzl6BO4YBEutnHlRR9cf7fxoBUKXdcZ2++MU9I9WO1HFZ5c2kYk8R4CNTNcYMSbQ2udKvsS7U0krIUiOMmTw9Tzp0F0pY+fgtIBmqbZ3YgTkHKphNC8U1iiRINJD+k+XsLSjZGX2/Xsa4/dRqIG3f6YHYj/Fqk1XhAj4OfgQxMdyEHvR2Jh8Sutq2cZW6ARHAL78Ss7fe/PNAJubXIkWzw/eGY0c8ucJhSKJp1uWupv5T7NmHtq0wTOwzM1ZVsO/Gr4M2BX1OC3VIq8saLLe+9bZUfc/Oh/O02vsUMeOjPwTJTaqzFencibSvdkuPQwKkuDtSlhVR2/l2YMiI9RGCE4OCJ3VW5bUAeEhT4VJfFRpwLCKilmlo9MHRVBnuesH000/6tB3iYoGwcQoluFhey+p7Im7K3PssQNcoz+V5ycFD07+YyT5GJNRcni3Cwca0v+kzdwr2kbmLrZM/grrxQmzobaYKban+ZnJ387VNZIlWAgqXWHHNnAURlDZif/bHGdA X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: ee65c974-4dc7-4953-99d9-08d921c4c244 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:40.8137 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: vpQ5g6jfWTZSi38Yx3mZQpMxurt0hHTG+m6VjGaw+rZwA6vGF1aXuoW1Ci9m3c2eNU/dqAlylu696iiEN0Lj7QVd2S+FB20DI/rkxUWauQg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR1101MB2097 X-Proofpoint-GUID: Lv_AH_yUjLJCKly_YXy67wNi9YBbd1T0 X-Proofpoint-ORIG-GUID: Lv_AH_yUjLJCKly_YXy67wNi9YBbd1T0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=999 phishscore=0 mlxscore=0 impostorscore=0 malwarescore=0 bulkscore=0 clxscore=1015 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann [ no upstream commit ] Switch the comparison, so that is_branch_taken() will recognize that below branch is never taken: [...] 17: [...] R1_w=inv0 [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...] 17: (67) r8 <<= 32 18: [...] R8_w=inv(id=0,smax_value=-4294967296,umin_value=9223372036854775808,umax_value=18446744069414584320,var_off=(0x8000000000000000; 0x7fffffff00000000)) [...] 18: (c7) r8 s>>= 32 19: [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...] 19: (6d) if r1 s> r8 goto pc+16 [...] R1_w=inv0 [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...] [...] Currently we check for is_branch_taken() only if either K is source, or source is a scalar value that is const. For upstream it would be good to extend this properly to check whether dst is const and src not. For the sake of the test_verifier, it is probably not needed here: # ./test_verifier 101 #101/p bpf_get_stack return R0 within range OK Summary: 1 PASSED, 0 SKIPPED, 0 FAILED I haven't seen this issue in test_progs* though, they are passing fine: # ./test_progs-no_alu32 -t get_stack Switching to flavor 'no_alu32' subdirectory... #20 get_stack_raw_tp:OK Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED # ./test_progs -t get_stack #20 get_stack_raw_tp:OK Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: John Fastabend Signed-off-by: Greg Kroah-Hartman [OP: backport to 4.19] Signed-off-by: Ovidiu Panait --- tools/testing/selftests/bpf/test_verifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index da985a5e7cc5..662d6acaaab0 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -12263,7 +12263,7 @@ static struct bpf_test tests[] = { BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), BPF_ALU64_IMM(BPF_LSH, BPF_REG_8, 32), BPF_ALU64_IMM(BPF_ARSH, BPF_REG_8, 32), - BPF_JMP_REG(BPF_JSGT, BPF_REG_1, BPF_REG_8, 16), + BPF_JMP_REG(BPF_JSLT, BPF_REG_8, BPF_REG_1, 16), BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), BPF_MOV64_REG(BPF_REG_2, BPF_REG_7), BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_8), From patchwork Fri May 28 10:38:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 793E7C4708C for ; Fri, 28 May 2021 10:39:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6570A613B5 for ; Fri, 28 May 2021 10:39:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236521AbhE1Kko (ORCPT ); Fri, 28 May 2021 06:40:44 -0400 Received: from mx0b-0064b401.pphosted.com ([205.220.178.238]:51646 "EHLO mx0b-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236608AbhE1Kkh (ORCPT ); Fri, 28 May 2021 06:40:37 -0400 Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SAclHu006603; Fri, 28 May 2021 10:38:47 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2100.outbound.protection.outlook.com [104.47.58.100]) by mx0a-0064b401.pphosted.com with ESMTP id 38thqe8hkg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 10:38:47 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c1i9i9rqOriZdD2NpItcm0HMP3VUZO21LhDdcV0cNPIrNAVhnb+05AKEohLQXjZNgYcfyEUhO75OXaMmox+YpdGVPAVt6SzwS/K8Rwbych3UhZLSlnXHjJLrV3yvLavJBZZz3HaX1LTgQwiTkXVojMFByIyh87C6yVKrT1lkIESIOHl8zNS1gGfZY90SqT58okjVtVdstXAnggMAV7vldjbvGGyYTmx4hxswZyWEp70Ys0vnuqRrweA6gcy9LBLPZx3fr8tYijsUIPhoWLpiHhPIAwg6DD0hIyYoi1x32PZpjv0yFKD3IlT93tJscP7tJ+UtLW+B3u/EETCpDwhnbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oeHy7BDpf8VqCZ03gmsoKZm4AMG/N9rdMwBNZ6rocm4=; b=gYuyvUyF5QoIlRJbfcOO2m0s5iFfIoHzZYm7hP4VQzTiIu/VH2Fqgco/pJ1JW8JQa5inQzSwrvfQe2Wwm8xC2nnMYaLAzTFJYUKdnYd0Fm6lpjdwfqqtr9WsdHqP9pQCHAq26G/p/8crWFpv8eL/mjjzmDVFEJbs7uSKuDrQ+ISJpFfnAurBl1rnYyOxk71oR0WTHcNEWdy/5LUyr8IcAIHarmKc3eegJDyHQ87xHKhc+qzhC/n7ABiFw7Toa+QhDREj0/dxR/dLMdI/p8W8heC8reu/kFoETBZhnir4dinpwzQs79FaJpZO9dQJZMVXpF+5gws5xyGGkJ2bxcb0DQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=oeHy7BDpf8VqCZ03gmsoKZm4AMG/N9rdMwBNZ6rocm4=; b=fIq7d2g8cM91qjGJfNQKCQ80gbLkf7ofnSEl1hjK3cW8qewRTARZmrsaXUuXaYoaOjGm0/FMKxWPUARmFtu0BqfkmetJWxEh9tgY/g0bftRUz9bTQbUE9vEVcSIB3JfDqk0yM73bIpQg3Dm7Rgcgq67ro46LDC2xpb6yvBMWZkQ= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN6PR1101MB2097.namprd11.prod.outlook.com (2603:10b6:405:50::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:46 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:46 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 10/19] bpf: Rework ptr_limit into alu_limit and add common error path Date: Fri, 28 May 2021 13:38:01 +0300 Message-Id: <20210528103810.22025-11-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:44 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 2a29b8ad-0525-4c47-f891-08d921c4c585 X-MS-TrafficTypeDiagnostic: BN6PR1101MB2097: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:400; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: gCt2mDGCYk/GtDydWZRjDzpevlq0IVxeycudx5G6RtwqIp3Z8LFEQs1sZKO5HHgkr41Xhho6FWg/7hkttctINQhGjwyIi7s4nJHt311CF1WiVbh2CWqsn4DbbVDbXsmc6zW5PaosI2H7YKHsk/HOxdm8nJx2xFrJ+DopFJF2fXnnnMXJM8suERhQgw8/ABvlWNYH8zLis071oa1BdrS/1WmgOWm+aNbm7gDCU+e//pGtVTURawUS2cIWfpcw8en7VO1X6HwM4WkK54efzNdGErMprEsk/IdQdG80CwidIyhq0pS2/UZG+FRKOly5R/7UEuS7sb6YvxurCDmUjm1jI+X1Y2N5e3FywxXbXWmM97iV/Y3dCGK2kiOr0INYa6sOx7jYtD8R1fWoNZltSsTICnNETHSLyXsvxd4A1jqrX71VsrMHqm/lFRgMKyn+cvZazcKmHzYxDVO+Owqe9VpMk88b3DSwqcp0HMwIEiRoivO2hdfEI4gpgo9uDSLC57EGxAVxOYPTB/NcGE9FeHKKQQy5AwE0GwAeyHQqcZs6CxMYnMJ/Haf3eGBPwSqsMiRSCuCh2y7C59NPazrZ9rs0Ip/M85jGffz23gy+yNDWa3Jlf93Ci8GkbE6fFRO4a3oAE/krknbvzPOn3C4E59w8Kw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(39840400004)(366004)(346002)(86362001)(478600001)(2906002)(6666004)(38350700002)(38100700002)(4326008)(6512007)(66946007)(66476007)(66556008)(316002)(8936002)(6486002)(52116002)(1076003)(5660300002)(956004)(26005)(2616005)(8676002)(16526019)(186003)(6506007)(44832011)(6916009)(36756003)(83380400001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: IJXH/VQIJx5dwmoLl+BUrS39pXhWOKoFTZooWP/pM5BujXaypmPEVs8sZfd0k8IqGwixA1kA8biZx3boYtLdarUMqojp2Ds+7ua9LtM83utq5pcqoD+5ps6FLfJmk6RibPkE9IHkhpV7c/wgMmI3kd+Lxk3euDI9dP66KLkl76uq0XAJas5s7pF6QCsxodFp1o3N0gMKd+35M3GC5pQZoj1gP4K4UepgF+N0cZkCxWFOY9EfPWMU7FlYO5fLGYDV0w3QfRXoK5ChpFs7AxX5JAlCnKwxsu6KOrW/6lrNYvlzOwxzAAIhold+6eZ/S9GiVfbZdmMIHR9j6A0nWRjQYCsit0qCy/grfgUDrLR54UzrMsgWnFFYzuZbaiDmMyRwVHwj9it6aggAMhg9FiVlXYiYJr5pDVp46NdpnI7bTSOFVMTro4lCj0CDuuB4nq2mfc2W1sBLErMwvGomN1Z9BLz2B3C9hmQLL1dA2LiBU8W2fQA281W9ybOR9KWaf4ckypaEiBlGBh60o8ntdKoe6ghJAKefFbJl01Oi69mAd2Y8huSJ91DNOqRzwM5ffIbl9Q4lPC4pN8nDP0e9YpZUBSFmtqbbwfEy7MJXtQwmmzxS5CvzcmdZQA0oKI/XsthLlOJeAgoq2CRFY23ZCInmUoSRTL2S72zadCk8bI/bjBDp+h6yedhOVBIspnGt2d2jv1t6QNSDmr8l1JXsHLp3znCy4vkJxTN+hcGkBekb0gK8Y3DCf1NZgSajW8q3o2M0/OurGetpfkCOOH4KEjIbM5JxVgBM9Pvp/OFvV3xheSDqQDI4k89LocMswdkqVJ12AWPP1gkuvnAqgRayqhweXNYMPHgGZJAnKtBsDIKO1WZDnyAuJ8TccfVtbRKeKDNXlS0DFEqQz4tuseiGrEuWWwYO34dZuKCv1ypG4B7nzFoz9Yw7UiKSBuI3s1EfXhW6EfXsB2iqGrfAREVMicTDv0x9vHV8WFHU8p9ezDNY1LhS5Qx3oc7/TNWq1w9EQyBraHRQiXzjmi07ZW5T6/I000oYceOv+uAdpCjTQ2Oc3JfoeBjuCCSlnjKpot3BnH1WIjN0gzZ8q0ZNl3U8nQKgzjjJCoLa8QBwcfCPdbMsiDxKYgah2NZTH6nr+aaj0l51I82TO3lA/gI14uXn2VNcucowXxyfrbBhPJyupU9NWmLrq71ZZA7wwoATlfl642lps3CIM6/C4Jqtr6EM+otBRv24hpYi3f4FUQxpp1xBOepx8Fw8npFVX1VfccQqgTyc4QvnyjeSTb+dUm4Mefnktc/6XcpF1ar/OGMg+rGPcV8kPjPLjcnQf/fZnqYjdUhl X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 2a29b8ad-0525-4c47-f891-08d921c4c585 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:46.2363 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: N7Q3lrv0q8b9ay/xMIEERwcdJ6kNxSz4ll1wIuRsc8cjA/TS2pCL5NaYVZntx99BVjO1/CbtmKirFtCPAQ9O1X1ozM1u714hd5SIhNlDVas= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR1101MB2097 X-Proofpoint-GUID: wEKu88zW8MN5P3hm2_CsRrtjcDEfAx4M X-Proofpoint-ORIG-GUID: wEKu88zW8MN5P3hm2_CsRrtjcDEfAx4M X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 suspectscore=0 lowpriorityscore=0 adultscore=0 mlxlogscore=999 phishscore=0 mlxscore=0 impostorscore=0 malwarescore=0 bulkscore=0 clxscore=1015 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit b658bbb844e28f1862867f37e8ca11a8e2aa94a3 upstream. Small refactor with no semantic changes in order to consolidate the max ptr_limit boundary check. Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov Signed-off-by: Greg Kroah-Hartman [OP: backport to 4.19] Signed-off-by: Ovidiu Panait --- kernel/bpf/verifier.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index cdef8c7769ef..adc833c6088f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2731,12 +2731,12 @@ static struct bpf_insn_aux_data *cur_aux(struct bpf_verifier_env *env) static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, - u32 *ptr_limit, u8 opcode) + u32 *alu_limit, u8 opcode) { bool off_is_neg = off_reg->smin_value < 0; bool mask_to_left = (opcode == BPF_ADD && off_is_neg) || (opcode == BPF_SUB && !off_is_neg); - u32 off, max; + u32 off, max = 0, ptr_limit = 0; if (!tnum_is_const(off_reg->var_off) && (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) @@ -2750,22 +2750,27 @@ static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, max = MAX_BPF_STACK + mask_to_left; off = ptr_reg->off + ptr_reg->var_off.value; if (mask_to_left) - *ptr_limit = MAX_BPF_STACK + off; + ptr_limit = MAX_BPF_STACK + off; else - *ptr_limit = -off - 1; - return *ptr_limit >= max ? -ERANGE : 0; + ptr_limit = -off - 1; + break; case PTR_TO_MAP_VALUE: max = ptr_reg->map_ptr->value_size; if (mask_to_left) { - *ptr_limit = ptr_reg->umax_value + ptr_reg->off; + ptr_limit = ptr_reg->umax_value + ptr_reg->off; } else { off = ptr_reg->smin_value + ptr_reg->off; - *ptr_limit = ptr_reg->map_ptr->value_size - off - 1; + ptr_limit = ptr_reg->map_ptr->value_size - off - 1; } - return *ptr_limit >= max ? -ERANGE : 0; + break; default: return -EINVAL; } + + if (ptr_limit >= max) + return -ERANGE; + *alu_limit = ptr_limit; + return 0; } static bool can_skip_alu_sanitation(const struct bpf_verifier_env *env, From patchwork Fri May 28 10:38:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450028 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35103C4708C for ; Fri, 28 May 2021 10:39:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 07717613B5 for ; Fri, 28 May 2021 10:39:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236566AbhE1Kk5 (ORCPT ); Fri, 28 May 2021 06:40:57 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:2948 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236486AbhE1Kko (ORCPT ); Fri, 28 May 2021 06:40:44 -0400 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SActBG010271; Fri, 28 May 2021 03:38:55 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2103.outbound.protection.outlook.com [104.47.70.103]) by mx0a-0064b401.pphosted.com with ESMTP id 38tqu5ra29-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:38:55 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KY3ynFpavXy4MCycyazpARc/v3A8GiOSzgTs2YoI4A3lkOH7A2iT19alLbmHTAK5YJnQVNodYuKJDb9ctBtqhdljZWXerd4k1IU9hoEeDs0YJWstjmzhJia1dJmN3oVfNFCpLDrSHEaSF667rcndDKN1kJeV2UMSR0gEuky1OFYUyuSSBWSLOm7Af755nqkifKVt70Ht4hUEw0i9A7Z9thKSWgPZGcjHDxCWRsM0xLuXXxnBYgeYbiRiryyncFS2k1XQWoy549hFmOPEq6S2RFGqjMS8uQY67gi0ivEwJ5cEAms7Uy+bSkLEtrIHnR3LchpW3BsyhaKgklf6y0NFMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n6bcr47je2zNKmK0Gr9jLC9NZjzh7ZJ23C5ts7hRMic=; b=L99GT81TGZNKGcBx6zooDVWe/8X5H0PMeyRoU1HrJ7xQ+D8sIrBMH0Y2OtC/+3J5KJwJrk+EHd6B4Q/RbkfSk6z7Qn+cl0VdJWK3Y5P8cOeUvE82HOaI8fU/X6kuPj+KvBeNteKDLHRfKQA+MHitkUbUh9Ttobog8yZ637+N2mkPB9WB4N9hJuiJswOqwLni6SBvzmik3bGRg6byHLlaqgymW3CbZoN1EsUAPAgZDZ3HSV4fAkgcuQJqwx+AeWyF5fplKl/m1h1FMkD9ewbIWTLAf3NN5ewpj/G3Oxv2ajyglReuqpo5DVfJVWCDU4Ic2e6O4mGsN4HqyBXSn9UxRA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=n6bcr47je2zNKmK0Gr9jLC9NZjzh7ZJ23C5ts7hRMic=; b=TFHkAsXzuDhwAs9lLRonI6LYRLT69mef6xK+rIaQptAVQxypjYDVPBPOS3KahCXVWXHe2fTMx29SqnWDxx+MivgUe5LhcF8y/lFEfcWQbgFHj6/kSsVUIfjgFhZDkMs8U7bm0/u4mKwByo9sa/1y7yDfo2nWuMkmJjW6ZEkkJ/E= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN8PR11MB3780.namprd11.prod.outlook.com (2603:10b6:408:90::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:50 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:50 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 12/19] bpf: Refactor and streamline bounds check into helper Date: Fri, 28 May 2021 13:38:03 +0300 Message-Id: <20210528103810.22025-13-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:48 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 6e7590e5-ddd5-4301-afd7-08d921c4c7b0 X-MS-TrafficTypeDiagnostic: BN8PR11MB3780: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2958; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VcZKHNhnCsMNMPEnp7sMLvV1SZRX73MRcvMWYMoI9kZsdi13WFr+Ow2N06cwxZYxBEmhVvudZUblUccz1deDW0uJ/b8tUO42mPNzKQZzxsRS8iBGNHzGbWkV7occwWxSouesanAkythCwwYZoYyEv6hew+O+EiIdywW3t0D++117+oqWKWhPaXFyXEu9RjeQu/Cgv7SUK+QWA5m3z+KaCRzeSM8RJfUCBIQm8m5Gy6iomQ9Gc8JcGVRwKWwcqlCFSGS0ZuCFEzHHotzFHr4sH0wkqg3E6T6oqRthq4xzJ68mVQejNXcrgs4n/MWI5nn23fC84twTM4+dNKzIywHqn7Fu15VbeBwLxj9EtvG2nw1/q70DGq7aiVA5mSjobbvhqhXb4DQz7U67QtJW4pxbmh8dCh+nUh/NwMuazF2IgqsK2z+awEhGFWBx9gsPYUoE1b3DmhNLg1PElbJ2HtRFrUV4UZDx50qPqMXjp8UEtEsAE/mbkPzOgOrmU4liuNV4TF7EOygEgwKmdAGiaFdBSFSAbj2kfPGO500jzIisrraajm/CyZYWE9JVnUXtpZb5DRP8A5UefWNCh5Y36JENoH8ksMD1JjIs/EOa1xigQttlfVA5rTmX4K4Bc9hILUg+Zrq6ezd4E/EvhdWRKImugVVAXy0608P1ehRAbYFMQhU= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39840400004)(346002)(396003)(376002)(8676002)(6506007)(26005)(6666004)(316002)(52116002)(8936002)(5660300002)(66946007)(66556008)(66476007)(2906002)(83380400001)(38350700002)(6916009)(38100700002)(4326008)(86362001)(6512007)(186003)(16526019)(956004)(478600001)(44832011)(6486002)(36756003)(2616005)(1076003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: TLo2CxyrIWsvQ1xhhyJFtdFJW7apIGtqTkI95f8LJZhEVtcF85ljmer/Qrrn1j7r7ZaescNqk7iiz1vvoR0IRH4L7N/FWTEexuatT1gtQA2iuksN0f4POU1t9EAnKhjILNirN94pm2r9AdxsHUKre5sXQvjCBr9lOj6UDIyKxlUatXsD2tKkmZo3PCDPRhXEY8/ZoNglMclPQ/wbGQ6zr3CCnQ/Pi261nS35SSmT/4Kp3x/i771wQgTLcAo+TymA82Ojkf3gPCfG5xWFDQs0kDwE6hEha2NeKxQQEiIORvGV0REOK/xQKgCapC91jqWk6n4BOLCAF6gRtbJyTay3oSGMFdiur+tG3AfDh/5MF/8J5+6nipnKWfZyy/ibBDdU0wJH3lAhmdcmplGko6wzdH+QRWrDzmmUOz9E0rejn85+pKthjTIMAJf+Qf5OCyQkAstu2eJdmw70pk3dyr9pqItTsIQ3z2mTaju+AAGsvHP2Lpc9ZICUrVSRxywUJoQu8qPqFGzE721vqJIjnnenkwbzG1sq3xGdJkDO02W2SDdaBFFBx2xsenMUtATYLhFNSf4UUatUozUF4czCU77JsCxUCdRt3vUVVVuwij1uqYuZHbBvUX4R4FdIQ/dafTfEiZMqbKiob2ke2265HEY5P+xirvi2YNvyOJa/qtht8cN0MBlVI46WgyX37XILIpxCmYqHQcZyJI/jF+yMDRXFkN2hkx6sBe621raJIEyaEGZmt4gcGisAw4s7cgoprvEYDOwdv3elQX5cm0BzFL3kzJNQeGTm6nnPh++2L7Pcd5FcHiDZRaQmExU1pmeEIc1AEw4gciqucrj100svhoCQE8JUzpGtEVMwFoW4v5fD96pxGubvQiqUPq6OhQcTS55I/dTEi8KMlr6+vrWH8V7goXLuObJDeqV/ot1KMLVhJE7llvFUI9t7K9nsOZ+FqqzakD7SQqx/kkYBVb3/1pWQexxpzaAUkoMk3zSvZsyJAr/6oCEFSUMiY9+istFKg7CIdjAR0CX3q9hUR127YCKe2bcz6anduvnY6HMITydVwOYa4/d2OhOrFOStDpePQB84cpFg271pLiECpq05jWy+L3TKgC95+s5MVLgo++02u7W6ftIJ2d1CaXzm0SKOFZp5zfjpGYy7GWdBy4VP6fIKTdMj/gHiIB34fsk6dq8iHY9NZq6vxdCk3i0ch+n7VqOYHBgxeG6lGIRTaKglgoPgU44HanZOa8bsGAus+CNsL5VBvi/PDiYkLdzc0jk4ZC70lXeRzgd5OZSPf3mx/hoipmW5cmpJjoO5VkesJbecqETC/x5dgmcFALFnpnlTXIFw X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6e7590e5-ddd5-4301-afd7-08d921c4c7b0 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:49.8827 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AhqamnHG02gJsQkTb3jn8UBWLxwtABfLXSzXgjhAzFOeDAAhMrZWlqBLJIbjKFwUURDVlakO3FXBOEJxu9z3i+r6ELDLS3oDHbNZ7gD91kI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3780 X-Proofpoint-ORIG-GUID: 9ybN2gC79kj_2ZF3Y2HWAo6WcBdmbgoZ X-Proofpoint-GUID: 9ybN2gC79kj_2ZF3Y2HWAo6WcBdmbgoZ X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit 073815b756c51ba9d8384d924c5d1c03ca3d1ae4 upstream. Move the bounds check in adjust_ptr_min_max_vals() into a small helper named sanitize_check_bounds() in order to simplify the former a bit. Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov [fllinden@amazon.com: backport to 5.4] Signed-off-by: Frank van der Linden Signed-off-by: Greg Kroah-Hartman Signed-off-by: Ovidiu Panait --- kernel/bpf/verifier.c | 54 +++++++++++++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 473b59126f61..faa2a4c3467d 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2911,6 +2911,41 @@ static int sanitize_err(struct bpf_verifier_env *env, return -EACCES; } +static int sanitize_check_bounds(struct bpf_verifier_env *env, + const struct bpf_insn *insn, + const struct bpf_reg_state *dst_reg) +{ + u32 dst = insn->dst_reg; + + /* For unprivileged we require that resulting offset must be in bounds + * in order to be able to sanitize access later on. + */ + if (env->allow_ptr_leaks) + return 0; + + switch (dst_reg->type) { + case PTR_TO_STACK: + if (check_stack_access(env, dst_reg, dst_reg->off + + dst_reg->var_off.value, 1)) { + verbose(env, "R%d stack pointer arithmetic goes out of range, " + "prohibited for !root\n", dst); + return -EACCES; + } + break; + case PTR_TO_MAP_VALUE: + if (check_map_access(env, dst, dst_reg->off, 1, false)) { + verbose(env, "R%d pointer arithmetic of map value goes out of range, " + "prohibited for !root\n", dst); + return -EACCES; + } + break; + default: + break; + } + + return 0; +} + /* Handles arithmetic on a pointer and a scalar: computes new min/max and var_off. * Caller should also handle BPF_MOV case separately. * If we return -EACCES, caller may want to try again treating pointer as a @@ -3118,23 +3153,8 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, __reg_deduce_bounds(dst_reg); __reg_bound_offset(dst_reg); - /* For unprivileged we require that resulting offset must be in bounds - * in order to be able to sanitize access later on. - */ - if (!env->allow_ptr_leaks) { - if (dst_reg->type == PTR_TO_MAP_VALUE && - check_map_access(env, dst, dst_reg->off, 1, false)) { - verbose(env, "R%d pointer arithmetic of map value goes out of range, " - "prohibited for !root\n", dst); - return -EACCES; - } else if (dst_reg->type == PTR_TO_STACK && - check_stack_access(env, dst_reg, dst_reg->off + - dst_reg->var_off.value, 1)) { - verbose(env, "R%d stack pointer arithmetic goes out of range, " - "prohibited for !root\n", dst); - return -EACCES; - } - } + if (sanitize_check_bounds(env, insn, dst_reg) < 0) + return -EACCES; return 0; } From patchwork Fri May 28 10:38:05 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0C11C4708E for ; Fri, 28 May 2021 10:39:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BCB74613D4 for ; Fri, 28 May 2021 10:39:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236633AbhE1Kk7 (ORCPT ); Fri, 28 May 2021 06:40:59 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:3462 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236551AbhE1Kko (ORCPT ); Fri, 28 May 2021 06:40:44 -0400 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SActBI010271; Fri, 28 May 2021 03:38:56 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2103.outbound.protection.outlook.com [104.47.70.103]) by mx0a-0064b401.pphosted.com with ESMTP id 38tqu5ra29-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:38:56 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZwzJlY4Gy/EjqqLgcyMJ1yBFiO6ovOmeZVYy7G+rniEglv/IA0KutzP3ooLLBKFA3a8d0OAgIYa3Arv4ezTHqfZs5j2Q0gUoxk84uA3GYQrK8v/wMgoPS8LNAnAlbs/E1e0wIa/ElmxkDgK8iNIF2CNLZ+oGy/xheUknIsgjx6+HxxYcGJBKUPnDiH4jbfnOOpVjU38m9zPI+PbgB6LeKFwBtjVAkpVK3RCZzQwSSruXe2qoCSXqnNFyzOfMlDmskGd0oHQ5/dGBD/rtg1nqJ4eoR0MWsgr7VxaZjQA5QXceeYDY4JWcSLcUdPNtaO6lbL/doCMZgRNb0G7ZBFQFkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VGOXbo9ypi/CUkoapeVLOvl3pYb+a8M4KiPKlcsrmqM=; b=hcagkNkSvqSCjxTsn7jHFnel2iVD4ShaWdGlGb82QoQt9vgZYCfoF4wCdP69JUdb60LmYgcC5f1fEVqJiM+rg+tfMuZ4rlrQMDv5KVVDP32U+IR9TQ/NBa+hepa8YAYgSLSoZ/RH5oFeZkdIwPtKprQTsY5gzZO7fC58tB6bSfrPO+scNHEktxnThmJxkUxbjXL27h9SUWQtX/9vD5eS6wtGOoPzQIgBkN7FqPVJBLA1MYPRzGYYcCfSqGGRxWS7GGwo7wlrVZkCwBqTXbxnKnueXn6oaquf5d4mYUkQhPapPOVEBaa2kOQiv4yYF7dFfEdy4ymTIuR+dZQLQrJ3oQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VGOXbo9ypi/CUkoapeVLOvl3pYb+a8M4KiPKlcsrmqM=; b=JOpBwLh2FTJaZe83es164rOZZOTcPj3BQ0p9WSR3YuG1CSwjvey0Ez0jLDzHLQ+o72/phuTpM8GNd8g7FIEpQIMsEC7x4Wp+d+iFqV95ZGb1w6IXbCebKW2EsNAi77UG5yfG4i0/E47ItQ6blh8d5VGQ6gNGUAcu6D92Xg3zceY= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN8PR11MB3780.namprd11.prod.outlook.com (2603:10b6:408:90::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:53 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:53 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 14/19] bpf: Tighten speculative pointer arithmetic mask Date: Fri, 28 May 2021 13:38:05 +0300 Message-Id: <20210528103810.22025-15-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:52 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: f55e1dab-0dae-43dc-e0a4-08d921c4c9d9 X-MS-TrafficTypeDiagnostic: BN8PR11MB3780: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: VNlW87t+mTAEeaMQ9geiWBWeBVHXDfa9GlSt6FZ3NcHJbMfyHjQDNNOMzmM2AHCxFt+QwnyZggOEG9BCJxpVRvhT5FM8ii3B0k4i4K//STl6G9h2pgp83bhwpVWSi4Avy2ysx9hA87ZA43/3/j/O2My1NaBUzxUAULyhObhKPit1MSkjPTpb81kfqMiP/7nadt7pmYyedoiVX9saO6hVRY//c6814jdaK0UXTjW6wOgScsZUdtMP05C1pBB3bwldoy3qRLFT6yfkNpyTH9tEy/P2186j9xidNTgCZ+vw5dxJmUYQ8AcePN6CYnLfMFiGjctLyCUTfdqTXt/ikwq2NlEhXQPma2MgKoJYdkZlB7rTZQXZWwEfI9lOg1INqSvgIPi7F43xr3ETbgvyFkbQhB5X3XmswttLNPf5StHaIPa84RAObfECjc5Op59x3LkdgkY8nzXkQEvW8v2VXA0p2y6gM+sbyPm19rJJ4LHc5OXSxiSltFJJKytfe32enQCuH5PedM2vMpWdNl9hxT6s92RYRHU3dnsizmTiJW4a6qgSh0/2lJu1KeZfs19c61P1cyMsGK/T23UhRwDat0bXRzwnM1sGaUN6E1KPOlWakOZm509xngZm/9Ej9eJWQ3qzCBeP09JWO+cmrHTfAaafafb3ba+bQd7jX4sbLSccj3M= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39840400004)(346002)(396003)(376002)(8676002)(6506007)(26005)(6666004)(316002)(52116002)(8936002)(5660300002)(66946007)(66556008)(66476007)(2906002)(83380400001)(38350700002)(6916009)(38100700002)(4326008)(86362001)(6512007)(186003)(16526019)(956004)(478600001)(44832011)(6486002)(36756003)(2616005)(1076003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: +C6MfKDmgZ09NN05kddfWVmzUi2dRgaug3r9UVzEjgozatNuicr7qIIH6HV8I4kiIUyH8UZ+tSSAatDi3KVNnt6WZLl4gJfFRrUGNurJ/iJoOLrvS9tkjAyMNaO8QBdKNU4ixBq6W9qNvfbgrEUlDEtZXP4oK9fPi6mDfdZxWMxq6GekLkJd3MbJoDWGGZayrqigDs0gMvi8LIegNZskU64SVM8MPx7hjq2C40BnsSLcE78UkGRt6RpfjkxF+tKF+k/zz3qcGG4FiHQWju295oYvpuI4ree006rki0rrdzOUE6mKyIJCbBhxpnYp3LyOvg0Mt2EvNlQdD20+hTvnxXufvALBcthjQyxaWCSrgivXwScs/iJweyj5vIxoFNUo4I1wedSPLVVrKT1RqcpbtcB4c0pxh0lsqpgWdbFBApkp0/oF6oPwaF/Wb+JwzsQskCZoRjTLiwU/XwycdnbXk8gRj08wPxcUEMjuDe4FVfztCvT4RMpX28J2s2UbBf30tgSvBXmzSCEBh1Hwjfxd3jwWtzyJnPo+4o1toCqo2/i4F+7Ah122lO9DtaWhalFxLBx9jrNi69KEkyp0vOtTtf4Z04y/qdKx7cZWdjkSw7fFcqmnTNEgTccnwaIncAsnX0nmpHnkPGp/aoXLRD/IaidLAGzr7L267JVeIGEisKlZc69Iw2fiv+UOmSfK8oggd7PIjMN4Job6N0PUBk3yybOXs8AXcNcAG/Orv9/Aoaafkgal2Z0pjakqaY2zHULccSsUU8PaG9lkGEfElMnqmzm2kJ44teti21cxa/dc2IbFVWMNtoQC5xq/6J93sZAYHFNCOwdiuc2OZWX2SMklsyF5Jhqda96vHTKAlZhlXBUuZab2M1BhuDt4mAYKnAqXQoNqqeu4GFUBRkONZdvyc4dSBwzE3TSFgK49aDJl7kiG4HmLVtdbb5Znf5bdcup7v7oFm4pmx+pyZuo6FbkxiFz6nMSm1Rk4h6aGjEXWHyN3bx/LRaSc6195XtiIfwDMuusZh26ghFoQC0SIiI0DMEXxBOFydCQ0HxbHjhGrXt8H40hdqTK1NnADHmOz7MBD7JAXtAz430sAMlukxhlBTDrt7ZPjLRhoeDb/KYVGQOit1DLfsnYAQTuKkKneSqpccAt17nLNVmlOXuwUqidFpAccucTdQ3Y/30fC8KekUfc0QM5IRSB+MLd9O0A0W5Hp8YWQPI3JUcSwHfdt/H1HoFyUCcniD7EQOfYVK2nZb94EhvOfS5IWw/FBl3S0599qjLcfrXOc4OrhkaK5OLDcphMrS7r4YgmE+5lTg/C85g1cirPyfGfhbZT4IwlbvV7e X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: f55e1dab-0dae-43dc-e0a4-08d921c4c9d9 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:53.5001 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Nq2xSy3ABnvVjXgYj9T7ULSzcXX8ra3PCTrfo2HUoG+7KJq70U+P6UF+lGAHL9om0ck+CnAz9A/Ocm5diDZJuKn0bCZczCz5Hwbh9yCufPw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3780 X-Proofpoint-ORIG-GUID: UumA6ynEO8s0Seg2-Z-_wsgFhoeEBkT7 X-Proofpoint-GUID: UumA6ynEO8s0Seg2-Z-_wsgFhoeEBkT7 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit 7fedb63a8307dda0ec3b8969a3b233a1dd7ea8e0 upstream. This work tightens the offset mask we use for unprivileged pointer arithmetic in order to mitigate a corner case reported by Piotr and Benedict where in the speculative domain it is possible to advance, for example, the map value pointer by up to value_size-1 out-of-bounds in order to leak kernel memory via side-channel to user space. Before this change, the computed ptr_limit for retrieve_ptr_limit() helper represents largest valid distance when moving pointer to the right or left which is then fed as aux->alu_limit to generate masking instructions against the offset register. After the change, the derived aux->alu_limit represents the largest potential value of the offset register which we mask against which is just a narrower subset of the former limit. For minimal complexity, we call sanitize_ptr_alu() from 2 observation points in adjust_ptr_min_max_vals(), that is, before and after the simulated alu operation. In the first step, we retieve the alu_state and alu_limit before the operation as well as we branch-off a verifier path and push it to the verification stack as we did before which checks the dst_reg under truncation, in other words, when the speculative domain would attempt to move the pointer out-of-bounds. In the second step, we retrieve the new alu_limit and calculate the absolute distance between both. Moreover, we commit the alu_state and final alu_limit via update_alu_sanitation_state() to the env's instruction aux data, and bail out from there if there is a mismatch due to coming from different verification paths with different states. Reported-by: Piotr Krysiuk Reported-by: Benedict Schlueter Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov Tested-by: Benedict Schlueter [fllinden@amazon.com: backported to 5.4] Signed-off-by: Frank van der Linden Signed-off-by: Greg Kroah-Hartman [OP: backport to 4.19] Signed-off-by: Ovidiu Panait --- kernel/bpf/verifier.c | 70 +++++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 26 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 094f70876923..908251977bef 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2744,7 +2744,7 @@ static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, bool off_is_neg = off_reg->smin_value < 0; bool mask_to_left = (opcode == BPF_ADD && off_is_neg) || (opcode == BPF_SUB && !off_is_neg); - u32 off, max = 0, ptr_limit = 0; + u32 max = 0, ptr_limit = 0; if (!tnum_is_const(off_reg->var_off) && (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) @@ -2753,23 +2753,18 @@ static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, switch (ptr_reg->type) { case PTR_TO_STACK: /* Offset 0 is out-of-bounds, but acceptable start for the - * left direction, see BPF_REG_FP. + * left direction, see BPF_REG_FP. Also, unknown scalar + * offset where we would need to deal with min/max bounds is + * currently prohibited for unprivileged. */ max = MAX_BPF_STACK + mask_to_left; - off = ptr_reg->off + ptr_reg->var_off.value; - if (mask_to_left) - ptr_limit = MAX_BPF_STACK + off; - else - ptr_limit = -off - 1; + ptr_limit = -(ptr_reg->var_off.value + ptr_reg->off); break; case PTR_TO_MAP_VALUE: max = ptr_reg->map_ptr->value_size; - if (mask_to_left) { - ptr_limit = ptr_reg->umax_value + ptr_reg->off; - } else { - off = ptr_reg->smin_value + ptr_reg->off; - ptr_limit = ptr_reg->map_ptr->value_size - off - 1; - } + ptr_limit = (mask_to_left ? + ptr_reg->smin_value : + ptr_reg->umax_value) + ptr_reg->off; break; default: return REASON_TYPE; @@ -2824,10 +2819,12 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, struct bpf_insn *insn, const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, - struct bpf_reg_state *dst_reg) + struct bpf_reg_state *dst_reg, + struct bpf_insn_aux_data *tmp_aux, + const bool commit_window) { + struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : tmp_aux; struct bpf_verifier_state *vstate = env->cur_state; - struct bpf_insn_aux_data *aux = cur_aux(env); bool off_is_neg = off_reg->smin_value < 0; bool ptr_is_dst_reg = ptr_reg == dst_reg; u8 opcode = BPF_OP(insn->code); @@ -2846,18 +2843,33 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, if (vstate->speculative) goto do_sim; - alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; - alu_state |= ptr_is_dst_reg ? - BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; - err = retrieve_ptr_limit(ptr_reg, off_reg, &alu_limit, opcode); if (err < 0) return err; + if (commit_window) { + /* In commit phase we narrow the masking window based on + * the observed pointer move after the simulated operation. + */ + alu_state = tmp_aux->alu_state; + alu_limit = abs(tmp_aux->alu_limit - alu_limit); + } else { + alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; + alu_state |= ptr_is_dst_reg ? + BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; + } + err = update_alu_sanitation_state(aux, alu_state, alu_limit); if (err < 0) return err; do_sim: + /* If we're in commit phase, we're done here given we already + * pushed the truncated dst_reg into the speculative verification + * stack. + */ + if (commit_window) + return 0; + /* Simulate and find potential out-of-bounds access under * speculative execution from truncation as a result of * masking when off was not within expected range. If off @@ -2969,6 +2981,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value; u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value, umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value; + struct bpf_insn_aux_data tmp_aux = {}; u8 opcode = BPF_OP(insn->code); u32 dst = insn->dst_reg; int ret; @@ -3018,12 +3031,15 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, !check_reg_sane_offset(env, ptr_reg, ptr_reg->type)) return -EINVAL; - switch (opcode) { - case BPF_ADD: - ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg); + if (sanitize_needed(opcode)) { + ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg, + &tmp_aux, false); if (ret < 0) return sanitize_err(env, insn, ret, off_reg, dst_reg); + } + switch (opcode) { + case BPF_ADD: /* We can take a fixed offset as long as it doesn't overflow * the s32 'off' field */ @@ -3074,10 +3090,6 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, } break; case BPF_SUB: - ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg); - if (ret < 0) - return sanitize_err(env, insn, ret, off_reg, dst_reg); - if (dst_reg == off_reg) { /* scalar -= pointer. Creates an unknown scalar */ verbose(env, "R%d tried to subtract pointer from scalar\n", @@ -3160,6 +3172,12 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, if (sanitize_check_bounds(env, insn, dst_reg) < 0) return -EACCES; + if (sanitize_needed(opcode)) { + ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg, + &tmp_aux, true); + if (ret < 0) + return sanitize_err(env, insn, ret, off_reg, dst_reg); + } return 0; } From patchwork Fri May 28 10:38:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A253AC47092 for ; Fri, 28 May 2021 10:39:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7C24F613C9 for ; Fri, 28 May 2021 10:39:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236625AbhE1KlA (ORCPT ); Fri, 28 May 2021 06:41:00 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:4550 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236629AbhE1Kkp (ORCPT ); Fri, 28 May 2021 06:40:45 -0400 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SActBJ010271; Fri, 28 May 2021 03:38:57 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2103.outbound.protection.outlook.com [104.47.70.103]) by mx0a-0064b401.pphosted.com with ESMTP id 38tqu5ra29-4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:38:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OeUXT5ekS3EKKZVYbk1I1S68X/0F9kNiP2HVXh+LwUbiCHRLBelzUcrq7n8iAoo5SnuIDybE7D4oO4V3T4VZhceXSZ43oLxA9WFqm1yLU9XLwSIwqWM+vvNif7CKcDStK0QnATusEhdskcHqq4+iD7Gpees9sHp+fk3RdJe3uSGGZ8VajxNDWylWVyuMSLr8LNHVNZI4+1Bcjst+0JTFT5Lf9x/wumOE+UJUV4ZtLvxgtynKNXC6p5DoCP+VK3wdqvrXPMv6o/QDk9fQCjczo7jVBgWx2ulRU+VeDMeYEVi4fBwzPbjxJe5uS85HIKb0nQ6jvRlDMJ+/kErJjsCI1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UuJheAUwd+FS9wsLTF2TSxmH+z2RB5twAnc+wG0ilTI=; b=kjR2DwqQPAxmWJr47EvOMGEYs0yFzGITdTuwVGbrhBP8qLWiGr4AUlw1slCrFsq7B9IVlliyhIoawP142911LUdF1OUt7EUUInqawszRLVfbbXb5lHMfsAuiRoo3H9jnR1pBJP/1AYaPGOx4CjdEMAcL9FPGyPihON2ZQJk2GtdzKeK0zee87UD3pY9eG7gYEShynGgwf2imN9OXOgesdrP3FWNxPxB6HSlEJOZxHiMg6S/5BfDMChbOGa0ndjpVmEOjYmHyR9bdMHhqaU5tt6JrZMtFZr4fJ6aVXQnUXXHr+WqZLpr1oo4ZG9/cOzMYom4XRfYO/+saGQcfxqO4Xw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UuJheAUwd+FS9wsLTF2TSxmH+z2RB5twAnc+wG0ilTI=; b=Rp1fUYesL2I10ndYfSWA3RAIpH+48exIOVv6XjbWmoJv268OBhkEjM+x8pZO+AwrecB2WWVg5iFI/FqdR7wM8OOVRQE4jdz4vKhtABTx18h25GLoyhFue2Vq8uPVXDx+cokLfX9QwcTRmdfAs9CuC3M1V2Bhih0hLEiTS1U2XC4= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN8PR11MB3780.namprd11.prod.outlook.com (2603:10b6:408:90::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:55 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:55 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 15/19] bpf: Update selftests to reflect new error states Date: Fri, 28 May 2021 13:38:06 +0300 Message-Id: <20210528103810.22025-16-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:53 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a2cfd8da-c865-4bff-01b8-08d921c4caef X-MS-TrafficTypeDiagnostic: BN8PR11MB3780: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:785; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: yT1xfVF1S+Ok3dPcFyDUVbrk89JoEgZc0ugc9hIT0g4irMWY/wKlqE65W1CU1PL2qn6CxSe523OAyfwKF6U6jC0u8+9Hn7r6uivkjoUUpmtp3dYll1cqjBI3Pakijf68glmC4LZ0kmW6vsfjez0djzxv9wfSaKqI9D6xlRkjz4b2NCLLHA6kFDEw/aYfhGJxs7kTrLZKtePabLr8nyXpUEO/0TJ+swYZFoSu+8hIwqbZiL01mRz5HxZkroRalXme1gx9O3v5tne6FtVtCuv3P7Ywtcpw1PmeVSBBWj/C6/fG2jEnqc/pktLw0LphGwVzSVkY/Jiw13uYfrrNMzyEVt5GN6HPUXwjRCow0FCV4eUqYhJqWvenvfmYg2lieJn0NUDjEIVcIO05vOc4L9idQhhf6Y4Q0LJRoAH7/xKwBtgsuKoQr80Oe9gfbxuSNj+XdUXmdyycWdl1Lo7lelmFu12EX6ix0q4bIAt0FPAiewadh0xcNmmd7qskvVny9nQURg+9/D7kHyFxBsTS3uqdwV4tsz9i5X8U6IfIpat7p/KISEOl0jYaiDiXfkDp8LkdnXKGNVTeal8OVjdK/dOyMxQCGFtMUZncorfaMpXpMxID8KwlNbt4Uv2jlFRbO32ubdQwU7cveCgqIefWBe3cqUAo9CyDhfcL8oEqRCo1dHc= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39840400004)(346002)(396003)(376002)(8676002)(6506007)(26005)(6666004)(316002)(52116002)(8936002)(5660300002)(66946007)(66556008)(66476007)(2906002)(83380400001)(38350700002)(6916009)(38100700002)(4326008)(86362001)(6512007)(186003)(16526019)(956004)(478600001)(44832011)(15650500001)(6486002)(36756003)(2616005)(1076003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: er1WSK0/+SQZ4abVA3mrHH76OXeD0nwbQNj2m92Gd7l71yH7hbuzLyGOW5LnRrQe8P9HBzTzkEtT6aoxgf3Z8ciiD4skGF3DQb+DoX+WBo/GlFZrGOocHqnCu4JiJJ+su1P+uIcHZqS7qMzKmJidsDkdCdgaeTR/G6GMyxONdD67skYFhtbMpQmLL0OoX/8UMRyJENph/FpGOQUM1wOAACjs4WBPjU3zG38Gq4Z8X2NErkaLyv0Aal3UHdii6rO8rZInyJzyEsz+lTldXmtgJhUFICW8PmDJ/vzRiTXDsrSv8c1Fx1IAekmURFKuyGedvpo2nvK1HnvJB/rjaxerPso+WkrzlEOGT6x93ftB46mTEpAr2lSrQm9IewmMpIP0HRa2HYDnF4wQy3MN7CDtldbROSbim7u1yN/cukHFHlUfjqhAK1bdYcZlOA0g7GFldbsqQJJ8WTtAQf/98xayYos1RGEp1Hm71ar5RRF36TMR2hNUUWxV3q3Mh7mZsVRQXtQjaOLlz7257FSJKskKxepG6qW3vxeMTZYd4ycCUxVeCMyYqfFG33LqlvuV5Y2Y4bLPOJpa+k0nq0nEruxwqtaAWwnSE4Jzu1tYOQ2nsH6rQP3fpQp3yT/WcBHWrireVw602mMhEKJxCoT+ropb4BCRbUKch2dOi6+BVAZAKHd3CfExl2knI9MvhGiDvbpdsmrbUBtCH82Jje55D8Ns7yN3MMZ/rKe40EXSISxHsFLJTb9vtnoXfMGKvWog3vVkqmIfXawMDWT/GnQDXIwvatn/tNx3PrH23fyGQeccXsti+DtvwUju599xF17aEGHR3+VXOAmlvFwXqgWNC+PfIb5aSAKHizXyul7PmBb1SOVosyx6pSzPbSMiUpe/6V+8fapJfcVs0d/KVDvGcG6wzNfNQR44a0DJ7h1c1ot1Nu2xGxBKbG5CAPSct3m9FomClQlLlKA+GFcWJBYzGzXPAesXncC7At5zX13WxOBIuHAQQkmTEewfKEMnErYBObTSmg4EWYj08jcEXjupZr2a1UKmqs01bFBO2cJ0HWF/ai7Mv513iQIR/mnsuKaiCkggJN/1gck0CQvDmgjodbvLrikvNQWb/fkVnrKANfHTjRhGlWa3vzk7r1iTYz/tZ5+WxdyuJ53uKbDvnoHzJZsZcTl/C1oW9n5jgisP+/peakSDMop+beM35mqk8FZCAnuebrrcYvdCMCoiPaxvmbAhZmoswbl6QTaMDsvXM0Ra044YjQ7mgZKqtFtNj0e65awM9040zsoSnAzyQnhr939EQIxElrppetPKrnEXH6hbW9bWvOo+E0KrBztcreCeZh12 X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: a2cfd8da-c865-4bff-01b8-08d921c4caef X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:55.3142 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: uymsFRwGtO/1kLFsDoEq77y8+48tu/r+47tMuQjLeCpWYD0KBI/o4cWKt+1Rt9AemPGFYcDknH29xzDWV2WgV/m1Tp69XmbUrl0e+42li2E= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3780 X-Proofpoint-ORIG-GUID: Q9IvUh9chfdnZvh0E3hFOwlANOXiQwOh X-Proofpoint-GUID: Q9IvUh9chfdnZvh0E3hFOwlANOXiQwOh X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit d7a5091351756d0ae8e63134313c455624e36a13 upstream Update various selftest error messages: * The 'Rx tried to sub from different maps, paths, or prohibited types' is reworked into more specific/differentiated error messages for better guidance. * The change into 'value -4294967168 makes map_value pointer be out of bounds' is due to moving the mixed bounds check into the speculation handling and thus occuring slightly later than above mentioned sanity check. * The change into 'math between map_value pointer and register with unbounded min value' is similarly due to register sanity check coming before the mixed bounds check. * The case of 'map access: known scalar += value_ptr from different maps' now loads fine given masks are the same from the different paths (despite max map value size being different). Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov [OP: 4.19 backport, account for split test_verifier and different / missing tests] Signed-off-by: Ovidiu Panait --- tools/testing/selftests/bpf/test_verifier.c | 35 +++++++-------------- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 662d6acaaab0..e1e4b6ab83f7 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -2873,7 +2873,7 @@ static struct bpf_test tests[] = { BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", .result_unpriv = REJECT, .result = ACCEPT, }, @@ -7501,7 +7501,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7526,7 +7525,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7553,7 +7551,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R8 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7579,7 +7576,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R8 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7628,7 +7624,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7700,7 +7695,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7752,7 +7746,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7780,7 +7773,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7807,7 +7799,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7837,7 +7828,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R7 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7868,7 +7858,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 4 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, }, { @@ -7897,7 +7886,6 @@ static struct bpf_test tests[] = { }, .fixup_map1 = { 3 }, .errstr = "unbounded min value", - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", .result = REJECT, .result_unpriv = REJECT, }, @@ -9799,7 +9787,7 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "R0 tried to subtract pointer from scalar", .result = REJECT, }, @@ -9814,7 +9802,7 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .result_unpriv = REJECT, .result = ACCEPT, .retval = 1, @@ -9827,22 +9815,23 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "R0 tried to subtract pointer from scalar", .result = REJECT, }, { "check deducing bounds from const, 4", .insns = { + BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1), BPF_EXIT_INSN(), BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), BPF_EXIT_INSN(), - BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), + BPF_ALU64_REG(BPF_SUB, BPF_REG_6, BPF_REG_0), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R6 has pointer with unsupported alu operation", .result_unpriv = REJECT, .result = ACCEPT, }, @@ -9854,7 +9843,7 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "R0 tried to subtract pointer from scalar", .result = REJECT, }, @@ -9867,7 +9856,7 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "R0 tried to subtract pointer from scalar", .result = REJECT, }, @@ -9881,7 +9870,7 @@ static struct bpf_test tests[] = { offsetof(struct __sk_buff, mark)), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "dereference of modified ctx ptr", .result = REJECT, }, @@ -9895,7 +9884,7 @@ static struct bpf_test tests[] = { offsetof(struct __sk_buff, mark)), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "dereference of modified ctx ptr", .result = REJECT, }, @@ -9907,7 +9896,7 @@ static struct bpf_test tests[] = { BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), BPF_EXIT_INSN(), }, - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", + .errstr_unpriv = "R1 has pointer with unsupported alu operation", .errstr = "R0 tried to subtract pointer from scalar", .result = REJECT, }, From patchwork Fri May 28 10:38:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450024 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.9 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, UNWANTED_LANGUAGE_BODY, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8799BC4708D for ; Fri, 28 May 2021 10:39:46 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6DC0D613DA for ; Fri, 28 May 2021 10:39:46 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236682AbhE1KlR (ORCPT ); Fri, 28 May 2021 06:41:17 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:32612 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236651AbhE1KlM (ORCPT ); Fri, 28 May 2021 06:41:12 -0400 Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SATXsJ032286; Fri, 28 May 2021 03:39:02 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2102.outbound.protection.outlook.com [104.47.70.102]) by mx0a-0064b401.pphosted.com with ESMTP id 38thst8j2t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:39:02 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OX2/rExbN/QumdJ3G15lcy6HQ0wisxA7cZdTMKYh0GmYLtiT5cCOYn5qdj0c4Fcwbc9JXQy5ASV2mWgsX8ObT8MKJtCeCNhotCE7eF62b/vv0OSrjD5KI4Ao73BUQYs/o5SPsOSaIqRajqIBHs2vBSokL/t69IhDWeJ5aTQid3GTTDHZ5yULfLkqkZA4j09+lHxKSjZoToqPuE2fSbaKemYIQo5vZAUz6jZLxY5SXdqJlmBUJgbzfSLAPHQ7ga08Xd8totfIfACKkM7XeHdHUAWp1OR0tYaYk93NkOuNQxziPX73d9uQDDEe2V24xT5vXttBN/bzmK0Sx7OUoTMDhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DiuFRIUj6RJW70Y2WGcacIcv6oPV9a1e/QtGGwcPjbQ=; b=Vm/vBKVNy3ATIMq2/61rXm2uhmCtwX8+9k+UG5t+5Y4tWpD6cEdt25Rg22GgbWwpKoL8C2wD8JkNQ2sfOFLMNGJSvO2YP7f8FtUUZfU5QDruTDj9oXWDYCnFsI+RdVXwnP7HEI7DSFl7dEu5c0j7UG5QAMTu3EQY+RTFuTday7dy/aoz9j5daidwJ7xhDVnflZBjS6/5w5wFuzJXpeMDzBZBQvbZIcPOti6CPnjnUfwEi5Hdc+nb1DlT93V5ZvhZp7XjmnZV2qSn8mIoFs43wCJ1WmQhXxyHdAy4zHkR7b16tmxcMuge1D319VASRpe0434CiBtuBa8c4xzVK9WUXQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DiuFRIUj6RJW70Y2WGcacIcv6oPV9a1e/QtGGwcPjbQ=; b=G7kJid7ed+lx57BWgM77Lerw/P9RSllZZto6bSXeXe1j3rRP0r/zdOVcdc7ij0I6/DeiKjkXtykHGlCJLi0wrPmiB83KcHzxJcabhrJ7xoqwONHw+v54TC6GODFCsWOGQh+cb+dKk6Pg5mMkwW78OtI0+RcYXAZaD0Kw7m22JSk= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN8PR11MB3780.namprd11.prod.outlook.com (2603:10b6:408:90::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:38:59 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:38:59 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 17/19] bpf: Wrap aux data inside bpf_sanitize_info container Date: Fri, 28 May 2021 13:38:08 +0300 Message-Id: <20210528103810.22025-18-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:38:57 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 52b4494f-590e-4dac-6ae7-08d921c4cd19 X-MS-TrafficTypeDiagnostic: BN8PR11MB3780: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:785; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 3e2NHoOGrn+Tt4pCjjrkWQhn7SCRl+HAucdHhhtLFEZX0+XCYKBe7Pt9dTjzY5CMGzw05sbe2N4BD6sFlOnMBS94ID/IijTSoP6NfqlTyCaGTazCMsXdVbcg3AwQp+KeUYMnBHkLw9SFwLTCmU4MOYnxp06p08iJtL4TylMbPlEeh4K9+N0KFfGDnO7kccsugxafvQEZL9M8HZ+NnH7sgKCHCYttEEND3od9r8Cqi2EKxZF1lFmJkWytGI1o8dr3ybX6ZwYfGrkALX8J1aTqB4d9Xni6hQpaxTnQ3F1U8aQucO/TJ0WyYU14vqxqjdKsHvf0HqvEeU2nKY1EKpG9aLi2L53brHtumFEue9+kme7bvTVujkEEPnW9kWiThKk9YQ4hlYEYY4Al5B0E2Jn7n4KJFFBimxZ4SKD8zhDzLU5LmnKQpJpXfYJN9svshqdkv4/GdUjuSY7BblFxDvXFYMa3GAR+oSpCGmjdrgLKlH5QCijQkNsnp5ZUmxetwG8HqbqfnLykJB1zzr+Y8RytafTdIAQO0dA2nr3AKYkK0hDBr7vbwz+E9D7FjBTaLvoAxtc8NsdRC26KUmFtcAwhaZdsjwVMEV6UYwN8oiBXwNL1t9SvTAdoPmaPKIFe1uTIaRe5x/r/8+tHfeUwSE9uhFRd8kNFZBaPVzzuVH2im/k= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39840400004)(346002)(396003)(376002)(8676002)(6506007)(26005)(6666004)(316002)(52116002)(8936002)(5660300002)(66946007)(66556008)(66476007)(2906002)(83380400001)(38350700002)(6916009)(38100700002)(4326008)(86362001)(6512007)(186003)(16526019)(956004)(478600001)(44832011)(6486002)(36756003)(2616005)(1076003); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: HhB3RE2TRAg6JGFiu9qn53xj1kvWQCKJ7OVzaGeWn+b+ULKfaCQMweRkxPh4vcTVrewDbdn4MvqVgpFI7YJYG9fEb/F/R2lYAyiZwM+hooUrR4i4weTTosRXXJd3Aosw5GphrYVILX40NggkbZAq1L+zUjBB6JgfCB4muvr25Ny+RLXygdm7cIqOTdK6/K87DgtBC6cAMztNKkMuAIhjlim+rjPp/tm5CU9R2QxV8OT8P7AnMRxAy2omWR0cr760HhaIwy0RA0rAmrasktQhr3OGw/bxXHOR1/IWkY70wJD6m4eSGe+NGquPE9tKc0/B9NNRCUBYKB1CBSxNtbLfi6XdvVS6Ls6FAJ07OrJcpqieCHXALd5yXQG2TOAdokrWRTRBByy0HZojzOz1lvwFFbJ3tJVAaZT5snYmSmxPG0VdhPL3a7uaDa96BxpRmgWTK2zddXVKWFngt73z/nLIr2halUKa2i03/fUcSsaQILAE738v4NHfu+rP4SQ5Q2kyojnXJ0v/wCeF8Z58KeUITkOa/P8Ld2NL3d4A6qeYycxh+QVLGZPAjTg3ip3BKcJeOyc+sAtsFIsYBdShyj9w6aHg1duShVAeZYS9UEum1Wig4qKjIo46SAD91Qso2yjUPVIJ7Ncc+udth5lpNOwsYQDQwTz4tHIO/dk2suDELOsB1J9DRLfGcrqFbOaa3ZkUF9JStjgxPbeFYIiMlyUbZ5p6WY944QHA+iipwVIpyPJy4m+urijOK4PubRQTskb9mvwnzPY2YCAzW+0c8xIRE5HfxsscFYXSjxLRc9JA/gVcU5iZMl1jzjmIvf4ICUP2Ja0DiCKKsWmJLfjBJNGY3t06DmvVGrhM66fXfvDyhazo8h2fM+1PTzBi1xiVl4AntZ+bOVdm6M7XWDt0okmWUlMcOgmtJ7EOhOd2qT5eAA5E9R+z2u1T/Ha/yr7JUAx3fYMBtAOgIBuWpn37jwQX17fr5+L2+suaupKAbYADpvGYRP/40sbxcIZUE/0/6m75wpg1DBPDS6fCdGuj+HTU5AyaWZfAPTM6WoDHVZ9kMhKyrp5t0bZwZ6kEtlf/Zaot/X7VftTjGaWBG9f7zYqym+Y0GT+qlAlj61Jw7vouJERmCtYAJnDpmeN60pE/XnPdRTyZ8pqVAaBhrVjFlpNWCsBOSPyhvZ5plXg6B4V+KdgIZbjfoXAT/wH5IqOFo5wDRVzwzsg06cRlzzRwKgFwJZWNQg3YYuOJ6Vj0iR9E80h0nELUlI2v/BvX4tCL0642A0+MyKO8tIDUzG47UB4dWKTmEhXfOfvpO5IH2LwQmyYsghotuevr4qFvNaw22QWB X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 52b4494f-590e-4dac-6ae7-08d921c4cd19 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:38:58.9546 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: rPIsHEdRtVYoHY4LGNiX7kBw/8Iq5df/FZCjtyXo53KInrj8LCLYKsflLzSU/SxK2k7M3mbdouuJJnZLQL7i2bkq1EmkR7WF/AnraLZS50M= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3780 X-Proofpoint-ORIG-GUID: SygMTX4Y6oIvlwvKAp8HyMsSUGVxSotJ X-Proofpoint-GUID: SygMTX4Y6oIvlwvKAp8HyMsSUGVxSotJ X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=999 priorityscore=1501 adultscore=0 suspectscore=0 phishscore=0 bulkscore=0 lowpriorityscore=0 clxscore=1015 malwarescore=0 impostorscore=0 spamscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280069 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit 3d0220f6861d713213b015b582e9f21e5b28d2e0 upstream Add a container structure struct bpf_sanitize_info which holds the current aux info, and update call-sites to sanitize_ptr_alu() to pass it in. This is needed for passing in additional state later on. Signed-off-by: Daniel Borkmann Reviewed-by: Piotr Krysiuk Acked-by: Alexei Starovoitov Signed-off-by: Ovidiu Panait --- kernel/bpf/verifier.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index faae834aac49..0066ea8ecdaa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2815,15 +2815,19 @@ static bool sanitize_needed(u8 opcode) return opcode == BPF_ADD || opcode == BPF_SUB; } +struct bpf_sanitize_info { + struct bpf_insn_aux_data aux; +}; + static int sanitize_ptr_alu(struct bpf_verifier_env *env, struct bpf_insn *insn, const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, struct bpf_reg_state *dst_reg, - struct bpf_insn_aux_data *tmp_aux, + struct bpf_sanitize_info *info, const bool commit_window) { - struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : tmp_aux; + struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : &info->aux; struct bpf_verifier_state *vstate = env->cur_state; bool off_is_imm = tnum_is_const(off_reg->var_off); bool off_is_neg = off_reg->smin_value < 0; @@ -2852,8 +2856,8 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, /* In commit phase we narrow the masking window based on * the observed pointer move after the simulated operation. */ - alu_state = tmp_aux->alu_state; - alu_limit = abs(tmp_aux->alu_limit - alu_limit); + alu_state = info->aux.alu_state; + alu_limit = abs(info->aux.alu_limit - alu_limit); } else { alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0; @@ -2983,7 +2987,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value; u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value, umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value; - struct bpf_insn_aux_data tmp_aux = {}; + struct bpf_sanitize_info info = {}; u8 opcode = BPF_OP(insn->code); u32 dst = insn->dst_reg; int ret; @@ -3035,7 +3039,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, if (sanitize_needed(opcode)) { ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg, - &tmp_aux, false); + &info, false); if (ret < 0) return sanitize_err(env, insn, ret, off_reg, dst_reg); } @@ -3176,7 +3180,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, return -EACCES; if (sanitize_needed(opcode)) { ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg, - &tmp_aux, true); + &info, true); if (ret < 0) return sanitize_err(env, insn, ret, off_reg, dst_reg); } From patchwork Fri May 28 10:38:10 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ovidiu Panait X-Patchwork-Id: 450025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A3A3C47087 for ; Fri, 28 May 2021 10:39:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EBD0E613B5 for ; Fri, 28 May 2021 10:39:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236645AbhE1KlE (ORCPT ); Fri, 28 May 2021 06:41:04 -0400 Received: from mx0a-0064b401.pphosted.com ([205.220.166.238]:12114 "EHLO mx0a-0064b401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236450AbhE1Kkx (ORCPT ); Fri, 28 May 2021 06:40:53 -0400 Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 14SAd1uW010300; Fri, 28 May 2021 03:39:04 -0700 Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2103.outbound.protection.outlook.com [104.47.70.103]) by mx0a-0064b401.pphosted.com with ESMTP id 38tqu5ra2g-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 May 2021 03:39:04 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZZpxWxW8S72PPNzoz9Vr3tC83TcVCQOqb/PiNAX3f+qcfmh9xHHkezaC0w1LUz41ZNgC56o1KSfzybYbh71A2hv18/DyoPHmAt2CN2uOl7iHx/M3hsuJcskyN2YFb2El2O4IlcT16jQ7PdIcYD7BplGrORbUAC2jBTXfTxAVmEYds3uJdvaiWLyFA6LaEGyrvxKKHqYD8YT/4qp+HQ7M9RWTMcg/9nUNjJzLQqbQNirXGbW7t57Ctk72+eoHJB312YdBQ8H/DzJaDIsGrjlZSif5eG1ACbcu4VkXNsSgzWGDYAo6JHYIaPFA4/490wjHlNQ1WWjlbh1C6m5BGMLbPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uOl+lHLy98Br7UV7Ug+ZZ99sQZJwF4suLij5peopURo=; b=lrORWlgmt0P/XfcnLkb+ufVdMj8wm3D8icEw4qK6JrgL+WOEhiRdZZJFFQ55ahNaDUNo2PCXthS/l6gJAQrTtd9yKpmLXkUL0fmLPNBtK0lemyTvCmhVamEaSMydc5vbwz+TeBs676oKWVnExHgfEYPfE34ZP6bwh9ZgQ43MhhU+MClj0CxoWHfWXplomdfjyIbLboQOb9GzTQoYRA0j8IkYpKxcUWj+yN499JpgYDuCErLpfAvTZIldnr0w+9Il3AafKpqo2vlkq6Of4zdv03jCP6YNonZj0I1bsmN0ItnKlhLrDU5JSFLCQMlsipph2lDMvyEACRP74lLUSX64IQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriversystems.onmicrosoft.com; s=selector2-windriversystems-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uOl+lHLy98Br7UV7Ug+ZZ99sQZJwF4suLij5peopURo=; b=hru7Yf06xB+r0WXVdAVZT4kljO+0h5ELUj4MYb1Rl1DSuy0Ix7aY02GwNeah3SCcx5Gk+s1aeRmGPfj0yeonDQ8iX1TBZtTZpJvUlamTqJnzSzHuiW3jhf4yeVc6ugQddVbqKdWZjjtaZq/VBvJedhwiiXtpfCGZkHQWtJGrxw8= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=windriver.com; Received: from BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) by BN8PR11MB3780.namprd11.prod.outlook.com (2603:10b6:408:90::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.24; Fri, 28 May 2021 10:39:02 +0000 Received: from BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33]) by BN6PR11MB1956.namprd11.prod.outlook.com ([fe80::f100:256b:e0af:7d33%3]) with mapi id 15.20.4173.024; Fri, 28 May 2021 10:39:02 +0000 From: Ovidiu Panait To: stable@vger.kernel.org Cc: fllinden@amazon.com, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, yhs@fb.com, john.fastabend@gmail.com, samjonas@amazon.com Subject: [PATCH v2 4.19 19/19] bpf: No need to simulate speculative domain for immediates Date: Fri, 28 May 2021 13:38:10 +0300 Message-Id: <20210528103810.22025-20-ovidiu.panait@windriver.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20210528103810.22025-1-ovidiu.panait@windriver.com> References: <20210528103810.22025-1-ovidiu.panait@windriver.com> X-Originating-IP: [46.97.150.20] X-ClientProxiedBy: VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) To BN6PR11MB1956.namprd11.prod.outlook.com (2603:10b6:404:104::19) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from otp-linux01.wrs.com (46.97.150.20) by VI1PR0102CA0083.eurprd01.prod.exchangelabs.com (2603:10a6:803:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.20 via Frontend Transport; Fri, 28 May 2021 10:39:01 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 20ded05a-cd7b-4f3f-6352-08d921c4cf41 X-MS-TrafficTypeDiagnostic: BN8PR11MB3780: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4303; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: /rCC0/JQKDjPwapJwAzPpprt0W62rkhFJiy0sbQbwbW7KwZheduMGkjE9RmqbosLhYl+zIMEcYHaPebXGCGtLtY2PqzNL4SETjYjvTAq51+yXJezmy32aRBtS5sJzBSb4F9k0iYN0kaslFs/7VDlgjIJPaWdiSvtP6KBgRLSIa96/os2rknWFo8NtrK9xZkYgozfFNyiK5yw06UKbOiUthW/Bo9jF+lWO93fdkii6dxGQ/thf3pIh0hZMzf4Pa6IVW5ZC1aqB1TrOtXm+jO/ngFN/lX+mycYHakH1D3t2ifGXXMGfXvIsAq9Uc1xnmSV5yTVJ0BzoiT+us2iXvuAw7hAzi3nNoT1JMaYobRB/ciXGHLBMGtbJD3Szadt/B3LwpMjjKqCwAY8bx4F2dsA7BxI4MtDIYtDjDZCIEQSZfSHRyefeZ3D0MuLGAZ4OzWlni9CqE1JuRGeKGxY62CBnhV5PKjBWVCLybuoMz27mTiFvARPUcaa43leyM2CU1igK34HvkuRVrn7I2SqSGE5hW1cEY9yHQGLic1d6WfiJFZgGQJelwk9aQz+XvZUq9MbVnViLTTOQ7RrO4iKUTCJokTZ+ki3xTeIKu8B1B2YhNrVl+hYo2bgSGst3Wf+8qgpU4/0/gCCDMaMIrVtq2FDgbSJl8GrFXpzMxnME5hhM6WWj+iZUCrepH08iUnHd0N5 X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1956.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(366004)(39840400004)(346002)(396003)(376002)(8676002)(6506007)(26005)(6666004)(316002)(52116002)(8936002)(5660300002)(66946007)(66556008)(66476007)(2906002)(83380400001)(38350700002)(6916009)(38100700002)(4326008)(86362001)(6512007)(186003)(16526019)(956004)(478600001)(44832011)(6486002)(36756003)(2616005)(1076003)(14773001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: nlw2s0jGLQ7tq+Z4MLyRj5UeAHKQ0yn962eUkSOwuXAWWqaV3eQYgxgap++QFu5djZJnhIMNYwX/ZUMBu5AlVnTa3BRCLhqbPNwQIULLQkvM1xh5sL2khEsSfrGO2OhFozDkCQp2r+l/Y2st/GgOfcx4vj7r+RvAZNDlCNnaGCbgj1p5maQpmBlXkYU5nVqRQ2CKh3axr8H2k7omhZOEKkaWrx1ynnj3cd0UX0vwT/hzE+p9ne2bAGb3AQUAKelNDOM8EGlV3YEjk9XH+0tLBeyrAnKjuODj82LIXgaX6zhd2OhTzAu/TWBL1/Qu9aSmBfowquaDX+VLcB87uQcemxGv2TYsT6uNEw8EBywfsEhDJ7+A9LLsmBtt4GffR3AJ6wmXxctkebyNoK83ZtO4xWdNdW6ACE6a89rqHZIHhd2hEgfgfqwpBI8cXBy7lYj6KvraOyz/qXgzssOl9pVh5kC57exhiscnBH8u/L+emOzs0MAEAIzq0CWWGmgFGoF/NrUvrB6uZwrK1mHjdr6J1JsyiudxR81XOkGLqTnicSw0AxC1n4j1MYnGVzSRQHjs0SoxlhQ3g4gh92jtkOi1tss8JR4DIo2KgXvnl4OEGGbO6sF7EWCgS4DeFO8Uno3KYer8crXXAa0ZTtKIhGoAgH/YsNgQ+KBs6tiqm2cn9fJjFHAMooHT/SW1kFZnEKEW+elhREBBzmGF1V6wTRge5ZbmqPTSZOEWMoE55BFTMMc9AlbmZVvbu6HkRXstxjwYh+POVng42vgLoX0nWa2tY2NRl6rEwSJoqCIBRLIUjZ7WaObAQJS8Z7mE5X/PGI9W6Td74ulx/93ehBUg/Nym6AVpsT8Kw+oIGgsiYXMpRKIEmUJciR+Ic1Z+FU9O3g1m8oua1idF8JkmpcFCMV7aB1CfeCI7TPcF8oMoqKK4hfQdL4rZojR6dNtqBTbVFL810cpB8l6cFfOD85r2wdnqrkJkTvaHHzP4GiycgTQKgXundwL5yMpkDBgjs+ZBrmAN8HW3hCBUAo7hdzk5uvU++ZvZQwQrVJXYCdAnZn89bZOLdnUGxT+37k41lwN8DMbCr7DlsewDCUx+aYZTS8uKHiVwA9ZnaiaQvv/YMj56mV3C+Swt1aI587MPEJXMGP6zfWFUjA7Kz+qXvp3LsJaED5rOEh0Xv7q/LYda6vqC+YrIVx87KkTtcQzpiSxU/Xl1c6FeIGDSFQjkM3F/LmYmemflGvxg848p+V3/9rCXhtt74LUKVmi6w2638R1QStRpZPAUfAgDRvGMnADToIZ63A35aKWB95Q/HiMrP1yBxEKg/mAxGUVh6lCV3Zjd6gaA X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 20ded05a-cd7b-4f3f-6352-08d921c4cf41 X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1956.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2021 10:39:02.5790 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: AIILU6r8LO9fZ1+xCW3Oa9hjtCkyko4QynKlA99QCSy7j+kop6Spl6+FntUNLzbzgmBZOxUmYX3fGRLjdGmD/BTeDLgOt4c/LJDwzy1tP38= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3780 X-Proofpoint-ORIG-GUID: fvr5HchqpR_HIgr3TXWiJ1inHUiUlSc4 X-Proofpoint-GUID: fvr5HchqpR_HIgr3TXWiJ1inHUiUlSc4 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-05-28_04:2021-05-27,2021-05-28 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 spamscore=0 adultscore=0 mlxlogscore=999 clxscore=1015 phishscore=0 impostorscore=0 mlxscore=0 priorityscore=1501 bulkscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2104190000 definitions=main-2105280070 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit a7036191277f9fa68d92f2071ddc38c09b1e5ee5 upstream In 801c6058d14a ("bpf: Fix leakage of uninitialized bpf stack under speculation") we replaced masking logic with direct loads of immediates if the register is a known constant. Given in this case we do not apply any masking, there is also no reason for the operation to be truncated under the speculative domain. Therefore, there is also zero reason for the verifier to branch-off and simulate this case, it only needs to do it for unknown but bounded scalars. As a side-effect, this also enables few test cases that were previously rejected due to simulation under zero truncation. Signed-off-by: Daniel Borkmann Reviewed-by: Piotr Krysiuk Acked-by: Alexei Starovoitov Signed-off-by: Ovidiu Panait --- kernel/bpf/verifier.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a235342507a8..1f4c88ce58de 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2874,8 +2874,12 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, /* If we're in commit phase, we're done here given we already * pushed the truncated dst_reg into the speculative verification * stack. + * + * Also, when register is a known constant, we rewrite register-based + * operation to immediate-based, and thus do not need masking (and as + * a consequence, do not need to simulate the zero-truncation either). */ - if (commit_window) + if (commit_window || off_is_imm) return 0; /* Simulate and find potential out-of-bounds access under