From patchwork Mon Oct  9 16:14:13 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: David Vernet <void@manifault.com>
X-Patchwork-Id: 150195
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:a888:0:b0:403:3b70:6f57 with SMTP id x8csp1976642vqo;
        Mon, 9 Oct 2023 09:14:40 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IFkb6gV/8rJC+7nvxZZJKoO0MXtoW3ZrILO6YcC+2tsm76B0rFzBWqN8RPTbYL8WEiueRZr
X-Received: by 2002:a05:6a20:3c9e:b0:13e:90aa:8c8b with SMTP id
 b30-20020a056a203c9e00b0013e90aa8c8bmr18910241pzj.4.1696868080149;
        Mon, 09 Oct 2023 09:14:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1696868080; cv=none;
        d=google.com; s=arc-20160816;
        b=bc03jZb2WjvvxiObLEGq+3wOFdHoNOJU8u4MEI6QhtYl9a8ybizkGLczNzMWsvfbAS
         2UVygUh+7lt7X09s5RcBgwVdsALcFTXOxhvTRIkpRG97BN/lufgD/UXwTMzyGdbXkWFc
         arDpDGTfXZhIxixbBA1NUd6jYDNMevvPP3/Z9f+sTvOguxAruxG9eDCm+CQWR8lpyUIx
         MSYxBqUsDnsAM0h1PcyhgE6CShCKlmb7bhkbPjLtEzAzDlK+fyoUWNara9HP4tUHr4tD
         ckyBa7eAXajaz6QNoRZd+zqZJvlECs3qtSEWG5R/b/TN1m0KHCQQ3Vur0NEBQjLfDsCd
         BGmw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=2oz2+J9eLTjHyn4qVA1tue5CmqKBSnkz6z7OJvEmTc0=;
        fh=fRduVGGcbGNLOU4DUo/BPZE9kW2AdZyQZjfnRZNvspU=;
        b=TOFLkokJu38UGgwWfWuOBZ2nYpwvSU07I4c+gZm/ptT9W3qlCHhYaxMlSNkS0T0vyu
         ULmWydv54id3NK7IZthYd3OMyd5sSSxEi6vE/8E4yFJe+3EbNai5gDAv396eoIPNKrVS
         By0wl+zeQd2hdSjwzmZ8hzlShP8UJ1sFnQZdqjTofH6mbR0QTkkmBMNeeLcjkeOktHvS
         WPP7pv2X8AhcBketQSxdkL4kEZb3VeK9RiK5Gmj+TqrjznyFDNUu5L5W78gJl3BOCz98
         bsCGVH3EKH3+h+BGUzx+POq7N7laW/W2VNHZv4WI6MeP4lElXFv5zyw1E4UuNvJMRRSh
         Q2sA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.37 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from snail.vger.email (snail.vger.email. [23.128.96.37])
        by mx.google.com with ESMTPS id
 c66-20020a633545000000b0056a19c7c2e5si9726609pga.361.2023.10.09.09.14.39
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 09 Oct 2023 09:14:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.37 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by snail.vger.email (Postfix) with ESMTP id 362FC801F757;
	Mon,  9 Oct 2023 09:14:39 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1377672AbjJIQOb (ORCPT <rfc822;ezelljr.billy@gmail.com>
        + 18 others); Mon, 9 Oct 2023 12:14:31 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44838 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1377121AbjJIQO0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 9 Oct 2023 12:14:26 -0400
Received: from mail-il1-f176.google.com (mail-il1-f176.google.com
 [209.85.166.176])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3B222D8;
        Mon,  9 Oct 2023 09:14:21 -0700 (PDT)
Received: by mail-il1-f176.google.com with SMTP id
 e9e14a558f8ab-3526c9c401aso15576715ab.1;
        Mon, 09 Oct 2023 09:14:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1696868061; x=1697472861;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=2oz2+J9eLTjHyn4qVA1tue5CmqKBSnkz6z7OJvEmTc0=;
        b=kHJhqvPwQU6jb5ZG0u1Az33HdKVJyFPDl5jiBUDtAUctOpU6Jq5UJLyj+uSJIHfTpg
         TJC9B8pITZ/qez3Y155oz6T/gZsMVmqyoqcJwp1JUc9wM/QwRKIxty8YSRAMhmqS2+yi
         n8xD7p1tt7vCsfaf65uTxJpf6MhS0zeyAHCd67inSxrUegE06eo3zSBKA5u7jhGUPt7U
         nXMEmiqyTePqtgKFEmPGzeKvvtOV/QmbPI727HN1/N0M2degSmvAe/F6XqEoEyOCP+sv
         JcmTjgwWIoKDTkGNxhPvm3bdlusmJixVyLefcRDfJUcTeo2tS66GU/Cchps2NTy/lDgj
         SXPA==
X-Gm-Message-State: AOJu0YzOHUPWQ86RwQlU93Ca7+h2ilYaX7ZvtATiuCxy0RqlKCI9I9lq
        nT402+haGDiB0kt+dl5E+kPB1pfZ78R4Aqit
X-Received: by 2002:a05:6e02:178f:b0:350:f0e6:a7c5 with SMTP id
 y15-20020a056e02178f00b00350f0e6a7c5mr10686419ilu.16.1696868060761;
        Mon, 09 Oct 2023 09:14:20 -0700 (PDT)
Received: from localhost (c-24-1-27-177.hsd1.il.comcast.net. [24.1.27.177])
        by smtp.gmail.com with ESMTPSA id
 dp19-20020a0566381c9300b0043a1a45a7b2sm2208240jab.62.2023.10.09.09.14.20
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 09 Oct 2023 09:14:20 -0700 (PDT)
From: David Vernet <void@manifault.com>
To: bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
        martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev,
        john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
        haoluo@google.com, jolsa@kernel.org, linux-kernel@vger.kernel.org,
        kernel-team@meta.com
Subject: [PATCH bpf-next 1/2] bpf: Fix verifier log for async callback return
 values
Date: Mon,  9 Oct 2023 11:14:13 -0500
Message-ID: <20231009161414.235829-1-void@manifault.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,
        FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
        autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]);
 Mon, 09 Oct 2023 09:14:39 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1779295143997115940
X-GMAIL-MSGID: 1779295143997115940

The verifier, as part of check_return_code(), verifies that async
callbacks such as from e.g. timers, will return 0. It does this by
correctly checking that R0->var_off is in tnum_const(0), which
effectively checks that it's in a range of 0. If this condition fails,
however, it prints an error message which says that the value should
have been in (0x0; 0x1). This results in possibly confusing output such
as the following in which an async callback returns 1:

At async callback the register R0 has value (0x1; 0x0) should have been
in (0x0; 0x1)

The fix is easy -- we should just pass the tnum_const(0) as the correct
range to verbose_invalid_scalar(), which will then print the following:

At async callback the register R0 has value (0x1; 0x0) should have been
in (0x0; 0x0)

Fixes: bfc6bb74e4f1 ("bpf: Implement verifier support for validation of async callbacks.")
Signed-off-by: David Vernet <void@manifault.com>
---
 kernel/bpf/verifier.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index eed7350e15f4..9093fb74c88e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -14729,7 +14729,7 @@ static int check_return_code(struct bpf_verifier_env *env, int regno)
 	struct tnum enforce_attach_type_range = tnum_unknown;
 	const struct bpf_prog *prog = env->prog;
 	struct bpf_reg_state *reg;
-	struct tnum range = tnum_range(0, 1);
+	struct tnum range = tnum_range(0, 1), const_0 = tnum_const(0);
 	enum bpf_prog_type prog_type = resolve_prog_type(env->prog);
 	int err;
 	struct bpf_func_state *frame = env->cur_state->frame[0];
@@ -14777,8 +14777,8 @@ static int check_return_code(struct bpf_verifier_env *env, int regno)
 			return -EINVAL;
 		}
 
-		if (!tnum_in(tnum_const(0), reg->var_off)) {
-			verbose_invalid_scalar(env, reg, &range, "async callback", "R0");
+		if (!tnum_in(const_0, reg->var_off)) {
+			verbose_invalid_scalar(env, reg, &const_0, "async callback", "R0");
 			return -EINVAL;
 		}
 		return 0;