From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 44A1A42CAFA for ; Mon, 6 Jul 2026 12:32:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.176 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783341133; cv=none; b=owxAjsU/wED/ttUmrvAWaTspqrma6/1w9ef5V4bHnnJvRvIxl8Ei2kHL4E19Td+Mqve44NjEUh3hlYBbdrrIeZQIUz+RS6RWHFzv2GkwDFpzkjY7a+GIkdxac+aVZqEtS7AimrLj2ghzKZgS5DpTjmixWjIp7BlYLMRv5GnUbM4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783341133; c=relaxed/simple; bh=jK4ZlhYedd4DEg6MSR/LED1W882a6z/xcp0Bv8UCfCU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=dEYCMu280C9PI2WblPif/K4cJaSC0QgelwF3e5tGpJkjW8W6m7utdSlngv81Sj9IA5eQ7C2Zm2dpbqHgSFJ7r56QQxW9CaxK+KKbPEc6lQqCEJLm/wbFh8oonO9nPCafRWiv2HejsUQmosOaootd+YU2WyAH1GYo6s+LGGVsX0g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=E18WooU1; arc=none smtp.client-ip=209.85.128.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="E18WooU1" Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-80e24970f1dso24320937b3.0 for ; Mon, 06 Jul 2026 05:32:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1783341125; x=1783945925; darn=vger.kernel.org; h=in-reply-to:content-disposition:content-type:mime-version :references:message-id:subject:cc:to:from:date:from:to:cc:subject :date:message-id:reply-to:content-type; bh=vY6rzYAt+ZQcO2ZDLPVLwSbWNgumvFKyf8BqCln01Do=; b=E18WooU1SZSlTPxCokaGlaqlqgKjf3ediTexgb90kr/pPsjkxPxOPJ57v8hOI7UVFq r1ky4BUbth+UoIL+1HlhHxASShqLG7l/8BywXApvNuhyZIpyHVv+E39YOedO+YMy16jC OoIiRZs6hhRg7THDRccpDtFE7E7ewkVof4Mhc0dI1TMXpZiNEVTLtFXSqXLlj9NRmyQE Mbz0a5vKBA5LPQRAUMldqjMafugIyGgujwIBPUHqwGrtFC1/gXMcUW+z9OsG8gLJwfJT smHRALzwniYnkv6xTZ0jrNo6+y4PkHmmYET3b834xVGKj4gQnmsMzUnS31FAwzl2YiV4 ioiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783341125; x=1783945925; h=in-reply-to:content-disposition:content-type:mime-version :references:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=vY6rzYAt+ZQcO2ZDLPVLwSbWNgumvFKyf8BqCln01Do=; b=b1Bq8UjxoqzQei3W8lwsudhA3g1k36nN0xytL6Nt4pqtjT8nrxjVF9cU43u5ChmfVX dqkCspMLlVVI1jAIAYP7CgpV/25EVGmO9aLfJsJBmW2DkaiIpSmbAyc0UnpvfCivPWdU pbR9VAODeDlyYMBN+8QT2v1LBxpYa1STbvrnWBreOAf272GM2jxPY7JdB5I/fQIcNIRp 61Y7CSEjj9oSMDdsUmURfcJ43jddjha/GlIMeW0zb0Gm3ZIdAH9GkIJ2v8ofwivjF6s0 /RJAgc4Eikxun/6o6R72XUxIUbLl2RYI8194XdaEIgkhOS68cKNQ+uNtuFlvjIR8Bnof SI9A== X-Forwarded-Encrypted: i=1; AHgh+Rq4OV6Xg3MFHNGO0tEAoy6HVVPXeMH7ts0QnDJUje0Lo41CgTNdCLROQvl9WysCIb5Nc9MmNOh3ih/M3RE=@vger.kernel.org X-Gm-Message-State: AOJu0Yz8nbvqEuuxm/EQqITEVkPR8cJjAE29tXBTsc2ne8fW6TEl0Vvu mG5gUB5ukUZI6C98dkYHQqoSNGcjrndKPv+iX8IzfhWQs+f+3gl3PaFx X-Gm-Gg: AfdE7clFETCI4rYPDDfO80E+sfHmcWG1u2chwPNUxD4gUS4VcVhtq/WwBzbAFvM0WLR HGw9A7htr25wv3YAOkun1xd8RJH9r/XfG11Bg6TC68SMusV1Um+vzSs576OpG0oBdN9V56T+K+3 zNdq8ClgVi1HJuA8jKBJQkJDxWZb5+lP2MYW9lksiMXsePoBXAA1aPIBB8KpvqsDbZrW7eJqYHA okkgD9OFNKKgQhhopGoZHRrfre2Uch5dod7W8Tz8uu5nj0vQfI3n/DTl4WJ6lsdybFMpjybZBEC ZkcMKbtaNrm/6WX6ej7VxtDyVfDSp+yiXh6PIyEDSE8aDGICLSkgd0tcOCtWzvzIjutYUdKi/Bb agd1+5uQ2C/SN6vfMENHHh6Yhc7/uAYXWXIjpgNagkD08K5raytdNnd4Vcdf4j6d22PS90RpAYy hRuGE2HB5Jl+ZMoyZltdCHcPhDyZcjy82wNDNZL+N1+MYTq8I= X-Received: by 2002:a05:690c:6013:b0:80c:de1d:3154 with SMTP id 00721157ae682-81be26662eamr156487b3.35.1783341125333; Mon, 06 Jul 2026 05:32:05 -0700 (PDT) Received: from computer ([2405:201:d015:d26b:41c5:151e:6e02:36c7]) by smtp.gmail.com with ESMTPSA id 00721157ae682-81be1d3c4f8sm148277b3.14.2026.07.06.05.32.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Jul 2026 05:32:05 -0700 (PDT) Date: Mon, 6 Jul 2026 18:01:56 +0530 From: Varun R Mallya To: Guangshuo Li Cc: Andrii Nakryiko , Eduard Zingerman , Alexei Starovoitov , Daniel Borkmann , Kumar Kartikeya Dwivedi , Martin KaFai Lau , Song Liu , Yonghong Song , Jiri Olsa , Emil Tsalapatis , bpf@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] libbpf: Limit bitfield dump reads to checked bytes Message-ID: References: <20260706023632.625353-1-lgs201920130244@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20260706023632.625353-1-lgs201920130244@gmail.com> On Mon, Jul 06, 2026 at 10:36:32AM +0800, Guangshuo Li wrote: > btf_dump_get_bitfield_value() bounds-checks the number of bytes covered > by the bitfield, but the value-building loops read the full backing type > size. For narrow bitfields this can read past the checked range. > > Checking the full backing type size is too strict for packed bitfields. > For example, a packed structure can contain an 8-bit field backed by an > int type whose BTF size is 4, while the actual object bytes covering the > field are only 1 byte. > > Keep the bounds check based on the bytes covered by the field, and make > the value-building loops consume the same checked byte range. Preserve > the full-size read for the non-bitfield path used by unaligned enum > values. This seems like it's heading in the correct direction, but to justify a change here, could you provide examples that can break the older implementation, if possible, with an ASAN report ? If it's not really possible to craft something like that, then this would be an unnecessary change. > Fixes: 5714ca8cba5e ("libbpf: Fix OOB read in btf_dump_get_bitfield_value") > Signed-off-by: Guangshuo Li > --- > v2: > - Do not check the full backing type size, as it rejects valid packed > bitfields. > - Limit the value-building loops to the checked byte range instead. > - Preserve the non-bitfield path used for unaligned enum values. > > tools/lib/bpf/btf_dump.c | 22 +++++++++++++--------- > 1 file changed, 13 insertions(+), 9 deletions(-) > > diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c > index cc1ba65bb6c5..5d185f7961ff 100644 > --- a/tools/lib/bpf/btf_dump.c > +++ b/tools/lib/bpf/btf_dump.c > @@ -1766,17 +1766,21 @@ static int btf_dump_get_bitfield_value(struct btf_dump *d, > __u64 num = 0; > int i; > > - /* Calculate how many bytes cover the bitfield */ > - start_bit = bits_offset % 8; > - nr_bytes = (start_bit + bit_sz + 7) / 8; > + if (bit_sz) { > + /* Calculate how many bytes cover the bitfield */ > + start_bit = bits_offset % 8; > + nr_bytes = (start_bit + bit_sz + 7) / 8; > + } else { > + nr_bytes = t->size; > + } > > /* Bound check */ > if (data + nr_bytes > d->typed_dump->data_end) > return -E2BIG; > > /* Maximum supported bitfield size is 64 bits */ > - if (t->size > 8) { > - pr_warn("unexpected bitfield size %d\n", t->size); > + if (nr_bytes < 1 || nr_bytes > 8) { > + pr_warn("unexpected bitfield size %d\n", nr_bytes); > return -EINVAL; > } > > @@ -1784,13 +1788,13 @@ static int btf_dump_get_bitfield_value(struct btf_dump *d, > * stored in num, then we left/right shift num to eliminate irrelevant bits. > */ > #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ > - for (i = t->size - 1; i >= 0; i--) > + for (i = nr_bytes - 1; i >= 0; i--) > num = num * 256 + bytes[i]; > - nr_copy_bits = bit_sz + bits_offset; > + nr_copy_bits = bit_sz ? bit_sz + bits_offset : nr_bytes * 8; > #elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ > - for (i = 0; i < t->size; i++) > + for (i = 0; i < nr_bytes; i++) > num = num * 256 + bytes[i]; > - nr_copy_bits = t->size * 8 - bits_offset; > + nr_copy_bits = nr_bytes * 8 - bits_offset; > #else > # error "Unrecognized __BYTE_ORDER__" > #endif > -- > 2.43.0 >