[PATCH bpf-next] libbpf: Fix overflow detection when dumping bitfields

BPF List
 help / color / mirror / Atom feed

* [PATCH bpf-next] libbpf: Fix overflow detection when dumping bitfields
@ 2023-04-28 15:50 Ilya Leoshkevich
  2023-04-28 17:30 ` Yonghong Song
  0 siblings, 1 reply; 2+ messages in thread
From: Ilya Leoshkevich @ 2023-04-28 15:50 UTC (permalink / raw)
  To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
  Cc: bpf, Heiko Carstens, Vasily Gorbik, Alexander Gordeev,
	Ilya Leoshkevich

btf_dump test fails on s390x with the following error:

    unexpected return value dumping fs_context: actual -7 != expected 280

This happens when processing the fs_context.phase member: its type size
is 4, but there are less bytes left until the end of the struct. The
problem is that btf_dump_type_data_check_overflow() does not handle
bitfields.

Add bitfield support; make sure that byte boundaries, which are
computed from bit boundaries, are rounded up.

Fixes: 920d16af9b42 ("libbpf: BTF dumper support for typed data")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tools/lib/bpf/btf_dump.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index 580985ee5545..f8b538e8d753 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -2250,9 +2250,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
 					     const struct btf_type *t,
 					     __u32 id,
 					     const void *data,
-					     __u8 bits_offset)
+					     __u8 bits_offset,
+					     __u8 bit_sz)
 {
 	__s64 size = btf__resolve_size(d->btf, id);
+	const void *end;
 
 	if (size < 0 || size >= INT_MAX) {
 		pr_warn("unexpected size [%zu] for id [%u]\n",
@@ -2280,7 +2282,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
 	case BTF_KIND_PTR:
 	case BTF_KIND_ENUM:
 	case BTF_KIND_ENUM64:
-		if (data + bits_offset / 8 + size > d->typed_dump->data_end)
+		if (bit_sz)
+			end = data + (bits_offset + bit_sz + 7) / 8;
+		else
+			end = data + (bits_offset + 7) / 8 + size;
+		if (end > d->typed_dump->data_end)
 			return -E2BIG;
 		break;
 	default:
@@ -2407,7 +2413,7 @@ static int btf_dump_dump_type_data(struct btf_dump *d,
 {
 	int size, err = 0;
 
-	size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset);
+	size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset, bit_sz);
 	if (size < 0)
 		return size;
 	err = btf_dump_type_data_check_zero(d, t, id, data, bits_offset, bit_sz);
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH bpf-next] libbpf: Fix overflow detection when dumping bitfields
  2023-04-28 15:50 [PATCH bpf-next] libbpf: Fix overflow detection when dumping bitfields Ilya Leoshkevich
@ 2023-04-28 17:30 ` Yonghong Song
  0 siblings, 0 replies; 2+ messages in thread
From: Yonghong Song @ 2023-04-28 17:30 UTC (permalink / raw)
  To: Ilya Leoshkevich, Alexei Starovoitov, Daniel Borkmann,
	Andrii Nakryiko
  Cc: bpf, Heiko Carstens, Vasily Gorbik, Alexander Gordeev



On 4/28/23 8:50 AM, Ilya Leoshkevich wrote:
> btf_dump test fails on s390x with the following error:
> 
>      unexpected return value dumping fs_context: actual -7 != expected 280
> 
> This happens when processing the fs_context.phase member: its type size
> is 4, but there are less bytes left until the end of the struct. The
> problem is that btf_dump_type_data_check_overflow() does not handle
> bitfields.
> 
> Add bitfield support; make sure that byte boundaries, which are
> computed from bit boundaries, are rounded up.

Ilya, Martin has submitted a patch yesterday to fix the issue:
 
https://lore.kernel.org/bpf/20230428013638.1581263-1-martin.lau@linux.dev/

> 
> Fixes: 920d16af9b42 ("libbpf: BTF dumper support for typed data")
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>   tools/lib/bpf/btf_dump.c | 12 +++++++++---
>   1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
> index 580985ee5545..f8b538e8d753 100644
> --- a/tools/lib/bpf/btf_dump.c
> +++ b/tools/lib/bpf/btf_dump.c
> @@ -2250,9 +2250,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
>   					     const struct btf_type *t,
>   					     __u32 id,
>   					     const void *data,
> -					     __u8 bits_offset)
> +					     __u8 bits_offset,
> +					     __u8 bit_sz)
>   {
>   	__s64 size = btf__resolve_size(d->btf, id);
> +	const void *end;
>   
>   	if (size < 0 || size >= INT_MAX) {
>   		pr_warn("unexpected size [%zu] for id [%u]\n",
> @@ -2280,7 +2282,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
>   	case BTF_KIND_PTR:
>   	case BTF_KIND_ENUM:
>   	case BTF_KIND_ENUM64:
> -		if (data + bits_offset / 8 + size > d->typed_dump->data_end)
> +		if (bit_sz)
> +			end = data + (bits_offset + bit_sz + 7) / 8;
> +		else
> +			end = data + (bits_offset + 7) / 8 + size;
> +		if (end > d->typed_dump->data_end)
>   			return -E2BIG;
>   		break;
>   	default:
> @@ -2407,7 +2413,7 @@ static int btf_dump_dump_type_data(struct btf_dump *d,
>   {
>   	int size, err = 0;
>   
> -	size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset);
> +	size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset, bit_sz);
>   	if (size < 0)
>   		return size;
>   	err = btf_dump_type_data_check_zero(d, t, id, data, bits_offset, bit_sz);

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-04-28 17:31 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-28 15:50 [PATCH bpf-next] libbpf: Fix overflow detection when dumping bitfields Ilya Leoshkevich
2023-04-28 17:30 ` Yonghong Song

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox