From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
bpf@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Benedict Schlueter <benedict.schlueter@rub.de>,
Piotr Krysiuk <piotras@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: [PATCH 4.19 04/11] bpf: Do not mark insn as seen under speculative path verification
Date: Fri, 13 Aug 2021 17:07:11 +0200 [thread overview]
Message-ID: <20210813150520.212635115@linuxfoundation.org> (raw)
In-Reply-To: <20210813150520.072304554@linuxfoundation.org>
From: Daniel Borkmann <daniel@iogearbox.net>
commit fe9a5ca7e370e613a9a75a13008a3845ea759d6e upstream.
... in such circumstances, we do not want to mark the instruction as seen given
the goal is still to jmp-1 rewrite/sanitize dead code, if it is not reachable
from the non-speculative path verification. We do however want to verify it for
safety regardless.
With the patch as-is all the insns that have been marked as seen before the
patch will also be marked as seen after the patch (just with a potentially
different non-zero count). An upcoming patch will also verify paths that are
unreachable in the non-speculative domain, hence this extension is needed.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Reviewed-by: Benedict Schlueter <benedict.schlueter@rub.de>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
[OP: - env->pass_cnt is not used in 4.19, so adjust sanitize_mark_insn_seen()
to assign "true" instead
- drop sanitize_insn_aux_data() comment changes, as the function is not
present in 4.19]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/verifier.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2901,6 +2901,19 @@ do_sim:
return !ret ? REASON_STACK : 0;
}
+static void sanitize_mark_insn_seen(struct bpf_verifier_env *env)
+{
+ struct bpf_verifier_state *vstate = env->cur_state;
+
+ /* If we simulate paths under speculation, we don't update the
+ * insn as 'seen' such that when we verify unreachable paths in
+ * the non-speculative domain, sanitize_dead_code() can still
+ * rewrite/sanitize them.
+ */
+ if (!vstate->speculative)
+ env->insn_aux_data[env->insn_idx].seen = true;
+}
+
static int sanitize_err(struct bpf_verifier_env *env,
const struct bpf_insn *insn, int reason,
const struct bpf_reg_state *off_reg,
@@ -5254,7 +5267,7 @@ static int do_check(struct bpf_verifier_
}
regs = cur_regs(env);
- env->insn_aux_data[env->insn_idx].seen = true;
+ sanitize_mark_insn_seen(env);
if (class == BPF_ALU || class == BPF_ALU64) {
err = check_alu_op(env, insn);
@@ -5472,7 +5485,7 @@ process_bpf_exit:
return err;
env->insn_idx++;
- env->insn_aux_data[env->insn_idx].seen = true;
+ sanitize_mark_insn_seen(env);
} else {
verbose(env, "invalid BPF_LD mode\n");
return -EINVAL;
next prev parent reply other threads:[~2021-08-13 15:14 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-13 15:07 [PATCH 4.19 00/11] 4.19.204-rc1 review Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 01/11] KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 02/11] tracing: Reject string operand in the histogram expression Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 03/11] bpf: Inherit expanded/patched seen count from old aux data Greg Kroah-Hartman
2021-08-13 15:07 ` Greg Kroah-Hartman [this message]
2021-08-13 15:07 ` [PATCH 4.19 05/11] bpf: Fix leakage under speculation on mispredicted branches Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 06/11] bpf, selftests: Adjust few selftest outcomes wrt unreachable code Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 07/11] KVM: X86: MMU: Use the correct inherited permissions to get shadow page Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 08/11] USB:ehci:fix Kunpeng920 ehci hardware problem Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 09/11] ppp: Fix generating ppp unit id when ifname is not specified Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 10/11] ovl: prevent private clone if bind mount is not allowed Greg Kroah-Hartman
2021-08-13 15:07 ` [PATCH 4.19 11/11] net: xilinx_emaclite: Do not print real IOMEM pointer Greg Kroah-Hartman
2021-08-13 23:25 ` [PATCH 4.19 00/11] 4.19.204-rc1 review Shuah Khan
2021-08-14 11:09 ` Sudip Mukherjee
2021-08-14 11:42 ` Naresh Kamboju
2021-08-14 18:15 ` Guenter Roeck
2021-08-15 19:50 ` Pavel Machek
2021-08-16 3:09 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210813150520.212635115@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ast@kernel.org \
--cc=benedict.schlueter@rub.de \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ovidiu.panait@windriver.com \
--cc=piotras@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.