| Message ID | 20231026-fix-check-stack-write-v1-0-6b325ef3ce7e@gmail.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp750118vqb;
Thu, 26 Oct 2023 08:14:33 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IH5Djk4HVSXA/yaqoGaoPJB6qexc5csiIMVIHQdCMZruNfQjxK7zdtsPRNfUP4LYDDQBphZ
X-Received: by 2002:a81:9292:0:b0:5a7:bb6e:7958 with SMTP id
j140-20020a819292000000b005a7bb6e7958mr17881441ywg.7.1698333273219;
Thu, 26 Oct 2023 08:14:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1698333273; cv=none;
d=google.com; s=arc-20160816;
b=K6L8WpO81cNBGeiSGEa84r1nV6+pQkJ6oQOzqInROU4j9MPiH/Um100TmChrPRh3Vz
mfDALoOUHJLi36mwzdf0Q0jC+ZGWndLvybb+R0Pnns/b1JC5UDq/8EwE3HtktennSvat
d/7T1FEU1mE8mVmiByHFAf53hgYL/xAMmB0QhO9B8BZWhUhVWxVNPRAoprk/0ZqifuVH
nCFKHTyBXUC4iEjZtHBqZUo8gOt/kbET0hiLTur+hhmsiNxMyBsxPasDUerUkm8i/c28
f9scH/9vYQbkA+nmhk6EtWz6MDJZYg08JVFAbpx1RhoSHUE3M8kARnDepXCJlPN39vDd
VRKw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:cc:to:content-transfer-encoding:mime-version
:message-id:date:subject:from:dkim-signature;
bh=w2K3z0z5gFfUSAY8cI9K8dVfuvFeW0ry0Hfw9vGOpx8=;
fh=wEBXkCY2ukhhRXhVifDp43GCnzawNYGLrV4OEZUeLUc=;
b=O5oVkwLcoi7G/tzjU8A4RibBsxRP8GLfp2w6VGKjsYFhKS8tIjyy+o7pMuhYbTggqw
liPqybJPKUoIReEasXqcuZfHYFS5PgyssKZzCt3JYOq2sepUNiS/qGkKnmOpdrkMDSz3
dbpUCE/ulDAPVDSpGyVe4hDRx2Pdl05JvlrfhNgE6k01zWkgAGCXLM1TyqatgUoWUy8H
rQwBq3/K9Hb5nm5PdJ5q6wEb97DE6Et7ZiRHyEEz+/cxlg9VbTYANN3+diqaWRwftLHf
g1v+oZoTdMrqTRwn2XcQ4Twglw8wggoGu16x66v8w0K/F7t7Ey/PtoBK1jiIGzHSdXJt
cGtA==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=UthK9RLX;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.38 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from fry.vger.email (fry.vger.email. [23.128.96.38])
by mx.google.com with ESMTPS id
r129-20020a818187000000b005a81d9f04c9si16700357ywf.191.2023.10.26.08.14.32
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 26 Oct 2023 08:14:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=UthK9RLX;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.38 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by fry.vger.email (Postfix) with ESMTP id 029FA8382180;
Thu, 26 Oct 2023 08:14:27 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1345445AbjJZPOL (ORCPT <rfc822;aposhian.dev@gmail.com>
+ 26 others); Thu, 26 Oct 2023 11:14:11 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42492 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1345449AbjJZPN5 (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 26 Oct 2023 11:13:57 -0400
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com
[IPv6:2a00:1450:4864:20::32f])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A27A1AA;
Thu, 26 Oct 2023 08:13:55 -0700 (PDT)
Received: by mail-wm1-x32f.google.com with SMTP id
5b1f17b1804b1-40836ea8cbaso7683335e9.0;
Thu, 26 Oct 2023 08:13:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1698333234; x=1698938034;
darn=vger.kernel.org;
h=cc:to:content-transfer-encoding:mime-version:message-id:date
:subject:from:from:to:cc:subject:date:message-id:reply-to;
bh=w2K3z0z5gFfUSAY8cI9K8dVfuvFeW0ry0Hfw9vGOpx8=;
b=UthK9RLXAss9Uc34RsA3frDBn8hSUrlNkA8CBVuFwXRXQj0dRFsOF+U4ZlnmzAnv4D
wzNPY6ileECGNEPYHS1AD7yfIeaskiqI2HozUic6+s3GMmQx9IeX/RqDAvsbT8DG1OuN
p0eC+GdoLvdrs9hNI4ksvaIYYd+gBVdklEiYj2F9Vd3U0DvZX51GNXpK9gSMNZWJan75
rpqRgkINlM4rdIxJpeuygusB4u231eATX/zDrOTE23f9Y9AQND6tSHBVnsuGDpBF5tES
Inuv7AJ8WNDLl7+1ufU7cJYGyomcOTpnypccR7W/Qop0GIlf2Jo7Ed9i0p/qnbC1wv8f
cbGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1698333234; x=1698938034;
h=cc:to:content-transfer-encoding:mime-version:message-id:date
:subject:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=w2K3z0z5gFfUSAY8cI9K8dVfuvFeW0ry0Hfw9vGOpx8=;
b=Mcpw6xBs8USQl+zi5UDl13zsyRdxLwPH+TIia35iSiC9ldy4bJKg5AAcPJLRQ8Tghr
3XqzhXzZcD32dlaw8CoBJT64HT07ogduaqp57YQDXm5yr3T5koZ5KNGdtSDTkCpmuHWK
0J15JB0xhs+vr01DXc8x2O8U7Gq2iAtJZNyTaf4eIMZITB1FGROpF4gNO8IhvqGHCKb7
EFNuB7aPBDd0KIGUputQW2zQM+vJdSQAWo0eD443WO9KxwXGuyLw0lSqNvVEmxB6lNVy
iqx2PIYVuftQJV3TG19KUzSsA+VYcYmbyYEXvQNSqDxvwu2wpb1QRsaBwFWcxW05RVsR
uLag==
X-Gm-Message-State: AOJu0YyUr2c6zzqiXObAgpb7Y7j4YgoHNDPeu65VPmPNu0p5Eh9O90N0
APhz3PuYNp9jyw8oMdUDpT29n2/vjQ==
X-Received: by 2002:a05:600c:154e:b0:408:403a:34dc with SMTP id
f14-20020a05600c154e00b00408403a34dcmr39312wmg.37.1698333233516;
Thu, 26 Oct 2023 08:13:53 -0700 (PDT)
Received: from amdsuplus2.inf.ethz.ch (amdsuplus2.inf.ethz.ch.
[129.132.31.88])
by smtp.gmail.com with ESMTPSA id
p12-20020a05600c468c00b0040472ad9a3dsm2843778wmo.14.2023.10.26.08.13.52
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 26 Oct 2023 08:13:53 -0700 (PDT)
From: Hao Sun <sunhao.th@gmail.com>
Subject: [PATCH bpf-next 0/2] bpf: Fix incorrect immediate spill
Date: Thu, 26 Oct 2023 17:13:09 +0200
Message-Id: <20231026-fix-check-stack-write-v1-0-6b325ef3ce7e@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-B4-Tracking: v=1; b=H4sIAAWCOmUC/x2MUQqAIBAFrxL73YJZCHaV6MNsrSWwUKkguntLP
wMD894DmRJThr56INHJmfco0tQV+NXFhZBncdBKt43SBgPf6FfyG+bihFfiQug7Za0xtpuDA9k
eiST8fweYjoCR7gLj+34dH7TqcQAAAA==
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>,
Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
Mykola Lysenko <mykolal@fb.com>, Shuah Khan <shuah@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-kselftest@vger.kernel.org, Hao Sun <sunhao.th@gmail.com>
X-Mailer: b4 0.12.3
X-Developer-Signature: v=1; a=ed25519-sha256; t=1698333232; l=785;
i=sunhao.th@gmail.com; s=20231009; h=from:subject:message-id;
bh=hVtWhlWKiLNsK4TYgLnM0yAhs3/EIdWSD0x17NE3x9c=;
b=2H7GmzLqjMdVeNw0YfwhoZY6qXRqYIpp46DpQQuOdRtHfXMGnuKNyu6wg+wOQJeOpW4DaB/X1
l5c9ynjK6qNCwSXgTI+g3ShDQEGI8HgOnTCN6Vca4SHK5J5YcC8Ic0A
X-Developer-Key: i=sunhao.th@gmail.com; a=ed25519;
pk=AHFxrImGtyqXOuw4f5xTNh4PGReb7hzD86ayyTZCXd4=
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]);
Thu, 26 Oct 2023 08:14:27 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1780831510482016613
X-GMAIL-MSGID: 1780831510482016613
|
| Series |
bpf: Fix incorrect immediate spill
|
|
Message
Hao Sun
Oct. 26, 2023, 3:13 p.m. UTC
Immediate is incorrectly cast to u32 before being spilled, losing sign
information. The range information is incorrect after load again. Fix
immediate spill by remove the cast. The second patch add a test case
for this.
Signed-off-by: Hao Sun <sunhao.th@gmail.com>
---
Hao Sun (2):
bpf: Fix check_stack_write_fixed_off() to correctly spill imm
selftests/bpf: Add test for immediate spilled to stack
kernel/bpf/verifier.c | 2 +-
tools/testing/selftests/bpf/verifier/bpf_st_mem.c | 32 +++++++++++++++++++++++
2 files changed, 33 insertions(+), 1 deletion(-)
---
base-commit: 399f6185a1c02f39bcadb8749bc2d9d48685816f
change-id: 20231026-fix-check-stack-write-c40996694dfa
Best regards,
Comments
On Thu, 2023-10-26 at 17:13 +0200, Hao Sun wrote: > Immediate is incorrectly cast to u32 before being spilled, losing sign > information. The range information is incorrect after load again. Fix > immediate spill by remove the cast. The second patch add a test case > for this. > > Signed-off-by: Hao Sun <sunhao.th@gmail.com> Thank you for finding and fixing this issue. Acked-by: Eduard Zingerman <eddyz87@gmail.com> > --- > Hao Sun (2): > bpf: Fix check_stack_write_fixed_off() to correctly spill imm > selftests/bpf: Add test for immediate spilled to stack > > kernel/bpf/verifier.c | 2 +- > tools/testing/selftests/bpf/verifier/bpf_st_mem.c | 32 +++++++++++++++++++++++ > 2 files changed, 33 insertions(+), 1 deletion(-) > --- > base-commit: 399f6185a1c02f39bcadb8749bc2d9d48685816f > change-id: 20231026-fix-check-stack-write-c40996694dfa > > Best regards,