From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arnaldo Carvalho de Melo <acme@kernel.org>
Subject: Re: [PATCH bpf 1/4] bpf: fix partial copy of map_ptr when dst is
 scalar
Date: Thu, 1 Nov 2018 16:18:53 -0300
Message-ID: <20181101191853.GC20495@kernel.org>
References: <20181031230555.3371-1-daniel@iogearbox.net>
 <20181031230555.3371-2-daniel@iogearbox.net>
 <eb077319-4b9a-d48d-b467-fb11301c4470@solarflare.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Daniel Borkmann <daniel@iogearbox.net>, ast@kernel.org,
        netdev@vger.kernel.org
To: Edward Cree <ecree@solarflare.com>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail.kernel.org ([198.145.29.99]:47256 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726147AbeKBEXN (ORCPT <rfc822;netdev@vger.kernel.org>);
        Fri, 2 Nov 2018 00:23:13 -0400
Content-Disposition: inline
In-Reply-To: <eb077319-4b9a-d48d-b467-fb11301c4470@solarflare.com>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

Em Thu, Nov 01, 2018 at 07:17:29PM +0000, Edward Cree escreveu:
> On 31/10/18 23:05, Daniel Borkmann wrote:
> > ALU operations on pointers such as scalar_reg += map_value_ptr are
> > handled in adjust_ptr_min_max_vals(). Problem is however that map_ptr
> > and range in the register state share a union, so transferring state
> > through dst_reg->range = ptr_reg->range is just buggy as any new
> > map_ptr in the dst_reg is then truncated (or null) for subsequent
> > checks. Fix this by adding a raw member and use it for copying state
> > over to dst_reg.
> >
> > Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
> > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> > Cc: Edward Cree <ecree@solarflare.com>
> > Acked-by: Alexei Starovoitov <ast@kernel.org>
> > ---
> Acked-by: Edward Cree <ecree@solarflare.com>
> (though I apparently missed the 63-minute window to hit the git record...)

Those guys are fast! :-)

- Arnaldo