From patchwork Wed Oct 19 08:25:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 4636 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp212186wrs; Wed, 19 Oct 2022 02:06:55 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7Zldaq+hEfisXjIKyxk5uBFu2Ff8WW3pyeIPy1O1iaysCoyJKB/NN9gnsd1SQgUA5PSrXA X-Received: by 2002:a17:906:5d04:b0:722:f46c:b891 with SMTP id g4-20020a1709065d0400b00722f46cb891mr5848686ejt.4.1666170405044; Wed, 19 Oct 2022 02:06:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666170405; cv=none; d=google.com; s=arc-20160816; b=ypjsCUewH1E8eQT4Lmtwr/myYLr30uXSvrwL/1brBINH+3RG/+pYvNSe68kmwW4Q5R ULawi5Y+YhSY5cXxgItN2peuFlfdDJk2QU+amBZqJ/sCYsRx39GhOi3Ugoik0UX1a+Hc msGxRe3z8m/WCaZ4WV6it/V+PMt/SGTKMMBR/urg1NcsTfk3KKZUTWlayE0AD62wREJi F2pp5SMFBfBR0HPuyZT9UFKrRaYoxz4D4EhornrOzo6DrRNQTm75S376Dlui2PsGSjjz g6fdUpuh3IYPlF5bR1N0fpaFDDFXM722zXoAsk9Sdu1cknXWN1mBuSgk3UjRYXY8tFzd Pgvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=L1ovdmAtjtt1aDIRSjQsKmE77cBc3L+p+XtHOcJ0abc=; b=BjYz8pTsOmNAmmz2pv39kl5uuK3scGHK82E2TSzlII5sKGrgjOJqKtyoyD/luKc5JC R02FW9YiXZaSOAP5chij7EmRRMJuLrEEjhzd/CXhgwUMdBmz/mpxxkbo8hzu3BL0xysQ T3wPFxYXvAznpB2CuKa2KDUIHECInPOshwxSk28PgOkqlnIEIALcuXfLviBZW9dqK62c /+xNiRj0w67T9VC5jZp12rdD3n6hvWMJ/JMnqVPNw4AgeSh0Kl9jfTuvhuFFvHiC9+V+ 502RuQRJLXT4KRcIW730Gv2S9BQMAAHBCDCy9BjeT3A6QSTRZItQ9NQ24x7yK2hkLg1h mH1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=UmHHcEOZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hr2-20020a1709073f8200b007919b3ad78esi4491616ejc.495.2022.10.19.02.06.12; Wed, 19 Oct 2022 02:06:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=UmHHcEOZ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232024AbiJSI5f (ORCPT + 99 others); Wed, 19 Oct 2022 04:57:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60606 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231968AbiJSI4m (ORCPT ); Wed, 19 Oct 2022 04:56:42 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B947CE85; Wed, 19 Oct 2022 01:53:00 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 442906187C; Wed, 19 Oct 2022 08:51:52 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 52D8BC433C1; Wed, 19 Oct 2022 08:51:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1666169511; bh=G3B/VF+S16OMDOiqigw8aZvlTpB0ciFKkf7elAxmEL0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UmHHcEOZZLP1W7dByqKbK4yIZh7tRb8IHVlN6d5+8W+REWJ80L3OVdRAu61Kjph+D ga3QvgKlp5nAKuP7MWnYrpup4tUQP0LCMe4+jLhqszkSleb50NfNAnrCsJMIeKiDml ZDgZXXMz/sd6N/oKbb5CRuMC/zN1bfdsOovWJADg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stanislav Fomichev , Lorenz Bauer , Alexei Starovoitov , Sasha Levin Subject: [PATCH 6.0 271/862] bpf: btf: fix truncated last_member_type_id in btf_struct_resolve Date: Wed, 19 Oct 2022 10:25:58 +0200 Message-Id: <20221019083302.004100561@linuxfoundation.org> X-Mailer: git-send-email 2.38.0 In-Reply-To: <20221019083249.951566199@linuxfoundation.org> References: <20221019083249.951566199@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747106298572686280?= X-GMAIL-MSGID: =?utf-8?q?1747106298572686280?= From: Lorenz Bauer [ Upstream commit a37a32583e282d8d815e22add29bc1e91e19951a ] When trying to finish resolving a struct member, btf_struct_resolve saves the member type id in a u16 temporary variable. This truncates the 32 bit type id value if it exceeds UINT16_MAX. As a result, structs that have members with type ids > UINT16_MAX and which need resolution will fail with a message like this: [67414] STRUCT ff_device size=120 vlen=12 effect_owners type_id=67434 bits_offset=960 Member exceeds struct_size Fix this by changing the type of last_member_type_id to u32. Fixes: a0791f0df7d2 ("bpf: fix BTF limits") Reviewed-by: Stanislav Fomichev Signed-off-by: Lorenz Bauer Link: https://lore.kernel.org/r/20220910110120.339242-1-oss@lmb.io Signed-off-by: Alexei Starovoitov Signed-off-by: Sasha Levin --- kernel/bpf/btf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 7e64447659f3..36fd4b509294 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -3128,7 +3128,7 @@ static int btf_struct_resolve(struct btf_verifier_env *env, if (v->next_member) { const struct btf_type *last_member_type; const struct btf_member *last_member; - u16 last_member_type_id; + u32 last_member_type_id; last_member = btf_type_member(v->t) + v->next_member - 1; last_member_type_id = last_member->type;