From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Alexei Starovoitov <ast@kernel.org>,
Sasha Levin <sashal@kernel.org>,
andrii@kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 23/29] bpf: Make 32->64 bounds propagation slightly more robust
Date: Mon, 20 Dec 2021 20:57:44 -0500 [thread overview]
Message-ID: <20211221015751.116328-23-sashal@kernel.org> (raw)
In-Reply-To: <20211221015751.116328-1-sashal@kernel.org>
From: Daniel Borkmann <daniel@iogearbox.net>
[ Upstream commit e572ff80f05c33cd0cb4860f864f5c9c044280b6 ]
Make the bounds propagation in __reg_assign_32_into_64() slightly more
robust and readable by aligning it similarly as we did back in the
__reg_combine_64_into_32() counterpart. Meaning, only propagate or
pessimize them as a smin/smax pair.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8a0b4879790e5..03f627e7e233b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1358,22 +1358,28 @@ static void __reg_bound_offset(struct bpf_reg_state *reg)
reg->var_off = tnum_or(tnum_clear_subreg(var64_off), var32_off);
}
+static bool __reg32_bound_s64(s32 a)
+{
+ return a >= 0 && a <= S32_MAX;
+}
+
static void __reg_assign_32_into_64(struct bpf_reg_state *reg)
{
reg->umin_value = reg->u32_min_value;
reg->umax_value = reg->u32_max_value;
- /* Attempt to pull 32-bit signed bounds into 64-bit bounds
- * but must be positive otherwise set to worse case bounds
- * and refine later from tnum.
+
+ /* Attempt to pull 32-bit signed bounds into 64-bit bounds but must
+ * be positive otherwise set to worse case bounds and refine later
+ * from tnum.
*/
- if (reg->s32_min_value >= 0 && reg->s32_max_value >= 0)
- reg->smax_value = reg->s32_max_value;
- else
- reg->smax_value = U32_MAX;
- if (reg->s32_min_value >= 0)
+ if (__reg32_bound_s64(reg->s32_min_value) &&
+ __reg32_bound_s64(reg->s32_max_value)) {
reg->smin_value = reg->s32_min_value;
- else
+ reg->smax_value = reg->s32_max_value;
+ } else {
reg->smin_value = 0;
+ reg->smax_value = U32_MAX;
+ }
}
static void __reg_combine_32_into_64(struct bpf_reg_state *reg)
--
2.34.1
prev parent reply other threads:[~2021-12-21 1:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20211221015751.116328-1-sashal@kernel.org>
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 04/29] mac80211: fix TCP performance on mesh interface Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 05/29] mac80211: set up the fwd_skb->dev for mesh forwarding Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 06/29] mac80211: fix a memory leak where sta_info is not freed Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 07/29] nl80211: reset regdom when reloading regdb Sasha Levin
2021-12-25 18:23 ` Sedat Dilek
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 08/29] iwlwifi: fix LED dependencies Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 09/29] phonet: refcount leak in pep_sock_accep Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 10/29] net: usb: qmi_wwan: add Telit 0x1070 composition Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 12/29] net: bcmgenet: Fix NULL vs IS_ERR() checking Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 13/29] net: ethernet: ti: add missing of_node_put before return Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 15/29] mac80211: Fix the size used for building probe request Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 16/29] mac80211: update channel context before station state Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 17/29] mac80211: do drv_reconfig_complete() before restarting all Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 21/29] net: usb: lan78xx: add Allied Telesis AT29M2-AF Sasha Levin
2021-12-21 1:57 ` [PATCH AUTOSEL 5.15 22/29] virtio_net: fix rx_drops stat for small pkts Sasha Levin
2021-12-21 1:57 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211221015751.116328-23-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).