From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, "Björn Töpel" <bjorn.topel@gmail.com>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Luke Nelson" <luke.r.nels@gmail.com>,
"Sasha Levin" <sashal@kernel.org>
Subject: [PATCH 5.4 42/84] selftests/bpf: Avoid running unprivileged tests with alignment requirements
Date: Tue, 27 Feb 2024 14:27:09 +0100 [thread overview]
Message-ID: <20240227131554.242956588@linuxfoundation.org> (raw)
In-Reply-To: <20240227131552.864701583@linuxfoundation.org>
5.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Björn Töpel <bjorn.topel@gmail.com>
[ Upstream commit c77b0589ca29ad1859fe7d7c1ecd63c0632379fa ]
Some architectures have strict alignment requirements. In that case,
the BPF verifier detects if a program has unaligned accesses and
rejects them. A user can pass BPF_F_ANY_ALIGNMENT to a program to
override this check. That, however, will only work when a privileged
user loads a program. An unprivileged user loading a program with this
flag will be rejected prior entering the verifier.
Hence, it does not make sense to load unprivileged programs without
strict alignment when testing the verifier. This patch avoids exactly
that.
Signed-off-by: Björn Töpel <bjorn.topel@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Luke Nelson <luke.r.nels@gmail.com>
Link: https://lore.kernel.org/bpf/20201118071640.83773-3-bjorn.topel@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/bpf/test_verifier.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index 43224c5ec1e9b..1bd285dc55e94 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -1091,6 +1091,19 @@ static void get_unpriv_disabled()
static bool test_as_unpriv(struct bpf_test *test)
{
+#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
+ /* Some architectures have strict alignment requirements. In
+ * that case, the BPF verifier detects if a program has
+ * unaligned accesses and rejects them. A user can pass
+ * BPF_F_ANY_ALIGNMENT to a program to override this
+ * check. That, however, will only work when a privileged user
+ * loads a program. An unprivileged user loading a program
+ * with this flag will be rejected prior entering the
+ * verifier.
+ */
+ if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS)
+ return false;
+#endif
return !test->prog_type ||
test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
--
2.43.0
next prev parent reply other threads:[~2024-02-27 14:24 UTC|newest]
Thread overview: 93+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 13:26 [PATCH 5.4 00/84] 5.4.270-rc1 review Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 01/84] KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 02/84] KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 03/84] net/sched: Retire CBQ qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 04/84] net/sched: Retire ATM qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 05/84] net/sched: Retire dsmark qdisc Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 06/84] sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 07/84] memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 08/84] nilfs2: replace WARN_ONs for invalid DAT metadata block requests Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 09/84] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 10/84] sched/rt: Fix sysctl_sched_rr_timeslice intial value Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 11/84] sched/rt: Disallow writing invalid values to sched_rt_period_us Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 12/84] scsi: target: core: Add TMF to tmr_list handling Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 13/84] dmaengine: shdma: increase size of dev_id Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 14/84] dmaengine: fsl-qdma: increase size of irq_name Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 15/84] wifi: cfg80211: fix missing interfaces when dumping Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 16/84] wifi: mac80211: fix race condition on enabling fast-xmit Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 17/84] fbdev: savage: Error out if pixclock equals zero Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 18/84] fbdev: sis: " Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 19/84] ahci: asm1166: correct count of reported ports Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 20/84] ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 21/84] ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 22/84] ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 23/84] regulator: pwm-regulator: Add validity checks in continuous .get_voltage Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 24/84] nvmet-tcp: fix nvme tcp ida memory leak Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 25/84] ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 26/84] netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 27/84] nvmet-fc: abort command when there is no binding Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 28/84] hwmon: (coretemp) Enlarge per package core count limit Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 29/84] scsi: lpfc: Use unsigned type for num_sge Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 30/84] firewire: core: send bus reset promptly on gap count error Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 31/84] virtio-blk: Ensure no requests in virtqueues before deleting vqs Greg Kroah-Hartman
2024-02-27 13:26 ` [PATCH 5.4 32/84] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 33/84] pmdomain: renesas: r8a77980-sysc: CR7 must be always on Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 34/84] tcp: factor out __tcp_close() helper Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 35/84] tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 36/84] tcp: add annotations around sk->sk_shutdown accesses Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 37/84] pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 38/84] pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 39/84] driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set Greg Kroah-Hartman
2024-02-27 19:38 ` John Stultz
2024-02-28 7:07 ` Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 40/84] spi: mt7621: Fix an error message in mt7621_spi_probe() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 41/84] net: bridge: clear bridges private skb space on xmit Greg Kroah-Hartman
2024-02-27 13:27 ` Greg Kroah-Hartman [this message]
2024-02-27 13:27 ` [PATCH 5.4 43/84] ALSA: hda/realtek - Enable micmute LED on and HP system Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 44/84] Revert "drm/sun4i: dsi: Change the start delay calculation" Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 45/84] drm/amdgpu: Check for valid number of registers to read Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 46/84] x86/alternatives: Disable KASAN in apply_alternatives() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 47/84] dm-integrity: dont modify bios immutable bio_vec in integrity_metadata() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 48/84] iomap: Set all uptodate bits for an Uptodate page Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 49/84] drm/amdgpu: Fix type of second parameter in trans_msg() callback Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 50/84] arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 51/84] PCI: tegra: Fix reporting GPIO error value Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 52/84] PCI: tegra: Fix OF node reference leak Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 53/84] IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 54/84] dm-crypt: dont modify the data when using authenticated encryption Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 55/84] gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 56/84] PCI/MSI: Prevent MSI hardware interrupt number truncation Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 57/84] l2tp: pass correct message length to ip6_append_data Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 58/84] ARM: ep93xx: Add terminator to gpiod_lookup_table Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 59/84] usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 60/84] usb: cdns3: fix memory double free when handle zero packet Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 61/84] usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 62/84] usb: roles: dont get/set_role() when usb_role_switch is unregistered Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 63/84] IB/hfi1: Fix a memleak in init_credit_return Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 64/84] RDMA/bnxt_re: Return error for SRQ resize Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 65/84] RDMA/srpt: Make debug output more detailed Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 66/84] RDMA/srpt: fix function pointer cast warnings Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 67/84] scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 68/84] bpf, scripts: Correct GPL license name Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 69/84] scsi: jazz_esp: Only build if SCSI core is builtin Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 70/84] nouveau: fix function cast warnings Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 71/84] ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 72/84] ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 73/84] afs: Increase buffer size in afs_update_volume_status() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 74/84] ipv6: sr: fix possible use-after-free and null-ptr-deref Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 75/84] packet: move from strlcpy with unused retval to strscpy Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 76/84] s390: use the correct count for __iowrite64_copy() Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 77/84] tls: rx: jump to a more appropriate label Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 78/84] tls: rx: drop pointless else after goto Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 79/84] tls: stop recv() if initial process_rx_list gave us non-DATA Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 80/84] netfilter: nf_tables: set dormant flag on hook register failure Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 81/84] drm/syncobj: make lockdep complain on WAIT_FOR_SUBMIT v3 Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 82/84] drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 83/84] fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio Greg Kroah-Hartman
2024-02-27 13:27 ` [PATCH 5.4 84/84] scripts/bpf: Fix xdp_md forward declaration typo Greg Kroah-Hartman
2024-02-27 18:26 ` [PATCH 5.4 00/84] 5.4.270-rc1 review Florian Fainelli
2024-02-28 13:38 ` Jon Hunter
2024-02-28 16:57 ` Shuah Khan
2024-02-28 17:20 ` Naresh Kamboju
2024-02-28 18:18 ` Harshit Mogalapalli
2024-02-29 10:57 ` Shreeya Patel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240227131554.242956588@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andrii@kernel.org \
--cc=bjorn.topel@gmail.com \
--cc=luke.r.nels@gmail.com \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox