BPF List
From: Eduard Zingerman <eddyz87@gmail.com>
To: Andrei Matei <andreimatei1@gmail.com>,
	bpf@vger.kernel.org,  andrii.nakryiko@gmail.com
Cc: sunhao.th@gmail.com, kernel-team@dataexmachina.dev
Subject: Re: [PATCH bpf v2 1/2] bpf: fix accesses to uninit stack slots
Date: Tue, 28 Nov 2023 16:14:24 +0200
Message-ID: <fb6dcf08ac74a21da7ed5c20582d24df4184f535.camel@gmail.com>
In-Reply-To: <2facccd4023ee77059fe483e0b1a21f6ef36e16e.camel@gmail.com>

On Tue, 2023-11-28 at 03:33 +0200, Eduard Zingerman wrote:
[...]
> Also, I think there are some tests that do oob stack read in branches
> that should be proven unreachable, with expectation that if certain
> verifier logic does not work as expected stack access would serve as a
> canary. Have no idea how to identify these tests, though.

I looked through all test cases I ever added (not so many) and it
seems that only one test case should be updated:

diff --git a/tools/testing/selftests/bpf/progs/iters.c b/tools/testing/selftests/bpf/progs/iters.c
index b2181f850d3e..3aca3dc145b5 100644
--- a/tools/testing/selftests/bpf/progs/iters.c
+++ b/tools/testing/selftests/bpf/progs/iters.c
@@ -846,7 +846,7 @@ __naked int delayed_precision_mark(void)
                "call %[bpf_iter_num_next];"
                "if r0 == 0 goto 2f;"
                "if r6 != 42 goto 3f;"
-               "r7 = -32;"
+               "r7 = -33;"
                "call %[bpf_get_prandom_u32];"
                "r6 = r0;"
                "goto 1b;\n"

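Review bot: the new "r7 = -33;" line is a bare constant, and nothing in the hunk records why -33 was chosen over -32. A short comment next to it, saying the offset is intentionally unaligned and that the stack access through r7 is the canary for this branch, would keep a later cleanup from rounding it back to an aligned value and silently weakening the test. Since the test's expected verifier message is not part of this hunk, it is also worth confirming in the final patch that the expectation is unchanged.
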
Here the oob access is replaced by an unaligned one; this does not affect
the error message, but should be future-proof in case the widening logic
gets smarter.
