From: Hao Sun
Date: Wed, 11 Oct 2023 11:00:12 +0200
Subject: [PATCH bpf-next v3 1/3] bpf: Detect jumping to reserved code during check_cfg()
Message-Id: <20231011-jmp-into-reserved-fields-v3-1-97d2aa979788@gmail.com>
References: <20231011-jmp-into-reserved-fields-v3-0-97d2aa979788@gmail.com>
In-Reply-To: <20231011-jmp-into-reserved-fields-v3-0-97d2aa979788@gmail.com>
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Hao Sun

Currently, we don't check if the branch-taken of a jump is reserved code of
ld_imm64. Instead, such an issue is captured in check_ld_imm(). The verifier
gives the following log in such a case:

  func#0 @0
  0: R1=ctx(off=0,imm=0) R10=fp0
  0: (18) r4 = 0xffff888103436000 ; R4_w=map_ptr(off=0,ks=4,vs=128,imm=0)
  2: (18) r1 = 0x1d ; R1_w=29
  4: (55) if r4 != 0x0 goto pc+4 ; R4_w=map_ptr(off=0,ks=4,vs=128,imm=0)
  5: (1c) w1 -= w1 ; R1_w=0
  6: (18) r5 = 0x32 ; R5_w=50
  8: (56) if w5 != 0xfffffff4 goto pc-2
  mark_precise: frame0: last_idx 8 first_idx 0 subseq_idx -1
  mark_precise: frame0: regs=r5 stack= before 6: (18) r5 = 0x32
  7: R5_w=50
  7: BUG_ld_00
  invalid BPF_LD_IMM insn

Here the verifier rejects the program because it thinks insn at 7 is an
invalid BPF_LD_IMM, but such an error log is not accurate since the issue is
jumping to reserved code not because the program contains invalid insn.
Therefore, make the verifier check the jump target during check_cfg(). For
the same program, the verifier reports the following log:

  func#0 @0
  jump to reserved code from insn 8 to 7

Signed-off-by: Hao Sun
---
 kernel/bpf/verifier.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index eed7350e15f4..725ac0b464cf 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -14980,6 +14980,7 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env, { int *insn_stack = env->cfg.insn_stack; int *insn_state = env->cfg.insn_state; + struct bpf_insn *insns = env->prog->insnsi; if (e == FALLTHROUGH && insn_state[t] >= (DISCOVERED | FALLTHROUGH)) return DONE_EXPLORING;
@@ -14993,6 +14994,12 @@ static int push_insn(int t, int w, int e, struct bpf_verifier_env *env, return -EINVAL; } + if (e == BRANCH && insns[w].code == 0) { + verbose_linfo(env, t, "%d", t); + verbose(env, "jump to reserved code from insn %d to %d\n", t, w); + return -EINVAL; + } + if (e == BRANCH) { /* mark branch target for state pruning */ mark_prune_point(env, w);

From: Hao Sun
Date: Wed, 11 Oct 2023 11:00:13 +0200
Subject: [PATCH bpf-next v3 2/3] bpf: Report internal error on incorrect ld_imm64 in check_ld_imm()
Message-Id: <20231011-jmp-into-reserved-fields-v3-2-97d2aa979788@gmail.com>

The verifier currently reports "invalid BPF_LD_IMM64 insn" if the size of
ld_imm64 is not BPF_DW. The log is not accurate, because we already have
bpf_code_in_insntable() check in resolve_pseudo_idimm64(), which guarantees
the validity of insn code. If the verifier meets an invalid ld_imm64 in
check_ld_imm(), then somewhere else in the verifier must be wrong. In such a
case, current log is confusing and does not reflect the right thing.
Therefore, make the verifier report internal error.

Signed-off-by: Hao Sun
---
 kernel/bpf/verifier.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 725ac0b464cf..d25838a2c430 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -14532,8 +14532,8 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn) int err; if (BPF_SIZE(insn->code) != BPF_DW) { - verbose(env, "invalid BPF_LD_IMM insn\n"); - return -EINVAL; + verbose(env, "verifier internal error: ld_imm64 size is not BPF_DW\n"); + return -EFAULT; } if (insn->off != 0) { verbose(env, "BPF_LD_IMM64 uses reserved fields\n");

From: Hao Sun
Date: Wed, 11 Oct 2023 11:00:14 +0200
Subject: [PATCH bpf-next v3 3/3] bpf: Adapt and add tests for detecting jump to reserved code
Message-Id: <20231011-jmp-into-reserved-fields-v3-3-97d2aa979788@gmail.com>

Adapt errstr of existing tests to make them pass, and add a new case to test
backward jump to reserved code.

Signed-off-by: Hao Sun
---
 tools/testing/selftests/bpf/verifier/ld_imm64.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/bpf/verifier/ld_imm64.c b/tools/testing/selftests/bpf/verifier/ld_imm64.c index f9297900cea6..aa3ada0062d9 100644 --- a/tools/testing/selftests/bpf/verifier/ld_imm64.c +++ b/tools/testing/selftests/bpf/verifier/ld_imm64.c @@ -9,8 +9,7 @@ BPF_MOV64_IMM(BPF_REG_0, 2), BPF_EXIT_INSN(), }, - .errstr = "invalid BPF_LD_IMM insn", - .errstr_unpriv = "R1 pointer comparison", + .errstr = "jump to reserved code", .result = REJECT, }, { @@ -23,8 +22,7 @@ BPF_LD_IMM64(BPF_REG_0, 1), BPF_EXIT_INSN(), }, - .errstr = "invalid BPF_LD_IMM insn", - .errstr_unpriv = "R1 pointer comparison", + .errstr = "jump to reserved code", .result = REJECT, }, { @@ -144,3 +142,13 @@ .errstr = "unrecognized bpf_ld_imm64 insn", .result = REJECT, }, +{ + "test15 ld_imm64", + .insns = { + BPF_LD_IMM64(BPF_REG_0, 0), + BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, -2), + BPF_EXIT_INSN(), + }, + .errstr = "jump to reserved code", + .result = REJECT, +},
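
Review bot: In patch 1/3, the new `if (e == BRANCH && insns[w].code == 0)` test in the second push_insn() hunk carries no comment saying why an opcode of 0 means reserved code. The commit message explains that the target is the reserved part of an ld_imm64, so a one-line comment above the check saying that would save the next reader a trip to the changelog. The check also indexes insns[w] directly, so please confirm that the test ending in the `return -EINVAL; }` context just above has already bounded w before this line runs.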
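
Review bot: In patch 2/3, the check_ld_imm() hunk changes the return value from -EINVAL to -EFAULT on a path that the log quoted in patch 1/3 (`7: BUG_ld_00` followed by `invalid BPF_LD_IMM insn`) shows a loaded program could reach before this series. The "verifier internal error" wording is therefore only accurate once the check_cfg() test from patch 1/3 is in place, and the commit message should state that dependency so the two are not applied or backported separately. The message quoted in the commit text, "invalid BPF_LD_IMM64 insn", also differs from the string the hunk removes, "invalid BPF_LD_IMM insn".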
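
Review bot: In patch 3/3, the first two hunks delete `.errstr_unpriv = "R1 pointer comparison"` in addition to changing `.errstr`, but the commit message only mentions adapting errstr. Please say in the changelog why the separate unprivileged expectation is dropped, so it is clear that unprivileged loads of these two programs are also expected to fail with "jump to reserved code".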
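
Review bot: In patch 3/3, the new "test15 ld_imm64" case in the last hunk does not document where the -2 offset in `BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, -2)` lands. BPF_LD_IMM64 occupies insns 0 and 1, so the jump at insn 2 targets insn 1, the same pc-2 pattern as the `goto pc-2` from insn 8 to 7 in the patch 1/3 log. A short comment to that effect, or a more descriptive test name, would make the intent clear.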