From: Andrii Nakryiko <andrii@kernel.org>
To: <bpf@vger.kernel.org>, <ast@kernel.org>, <daniel@iogearbox.net>,
<martin.lau@kernel.org>
Cc: <andrii@kernel.org>, <kernel-team@meta.com>
Subject: [PATCH bpf-next 03/10] bpf: enforce precision of R0 on callback return
Date: Tue, 21 Nov 2023 17:16:49 -0800 [thread overview]
Message-ID: <20231122011656.1105943-4-andrii@kernel.org> (raw)
In-Reply-To: <20231122011656.1105943-1-andrii@kernel.org>
Given verifier checks actual value, r0 has to be precise, so we need to
propagate precision properly. r0 also has to be marked as read,
otherwise subsequent state comparisons will ignore such register as
unimportant and precision won't really help here.
Fixes: 69c087ba6225 ("bpf: Add bpf_for_each_map_elem() helper")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
kernel/bpf/verifier.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a921dba4f603..b227f23e063d 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9493,6 +9493,13 @@ static int prepare_func_exit(struct bpf_verifier_env *env, int *insn_idx)
verbose(env, "R0 not a scalar value\n");
return -EACCES;
}
+
+ /* we are going to rely on register's precise value */
+ err = mark_reg_read(env, r0, r0->parent, REG_LIVE_READ64);
+ err = err ?: mark_chain_precision(env, BPF_REG_0);
+ if (err)
+ return err;
+
if (!tnum_in(range, r0->var_off)) {
verbose_invalid_scalar(env, r0, &range, "callback return", "R0");
return -EINVAL;
--
2.34.1
next prev parent reply other threads:[~2023-11-22 1:17 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 1:16 [PATCH bpf-next 00/10] BPF verifier retval logic fixes Andrii Nakryiko
2023-11-22 1:16 ` [PATCH bpf-next 01/10] bpf: rearrange bpf_func_state fields to save a bit of memory Andrii Nakryiko
2023-11-22 15:12 ` Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 02/10] bpf: provide correct register name for exception callback retval check Andrii Nakryiko
2023-11-22 15:12 ` Eduard Zingerman
2023-11-23 1:44 ` Alexei Starovoitov
2023-11-24 3:39 ` Andrii Nakryiko
2023-11-22 1:16 ` Andrii Nakryiko [this message]
2023-11-22 15:12 ` [PATCH bpf-next 03/10] bpf: enforce precision of R0 on callback return Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 04/10] bpf: enforce exact retval range on subprog/callback exit Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 17:45 ` Andrii Nakryiko
2023-11-27 10:55 ` Shung-Hsi Yu
2023-11-27 18:19 ` Andrii Nakryiko
2023-11-22 1:16 ` [PATCH bpf-next 05/10] selftests/bpf: add selftest validating callback result is enforced Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 17:46 ` Andrii Nakryiko
2023-11-22 1:16 ` [PATCH bpf-next 06/10] bpf: enforce precise retval range on program exit Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 07/10] bpf: unify async callback and program retval checks Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 08/10] bpf: enforce precision of R0 on program/async callback return Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 09/10] selftests/bpf: validate async callback return value check correctness Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
2023-11-22 1:16 ` [PATCH bpf-next 10/10] selftests/bpf: adjust global_func15 test to validate prog exit precision Andrii Nakryiko
2023-11-22 15:13 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231122011656.1105943-4-andrii@kernel.org \
--to=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@meta.com \
--cc=martin.lau@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox