From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Alexei Starovoitov <ast@kernel.org>,
John Fastabend <john.fastabend@gmail.com>,
Ovidiu Panait <ovidiu.panait@windriver.com>
Subject: [PATCH 4.19 046/116] bpf, test_verifier: switch bpf_get_stack's 0 s> r8 test
Date: Mon, 31 May 2021 15:13:42 +0200
Message-ID: <20210531130641.741241614@linuxfoundation.org>
In-Reply-To: <20210531130640.131924542@linuxfoundation.org>

From: Daniel Borkmann <daniel@iogearbox.net>

[ no upstream commit ]

Switch the comparison, so that is_branch_taken() will recognize that below
branch is never taken:

  [...]
  17: [...] R1_w=inv0 [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...]
  17: (67) r8 <<= 32
  18: [...] R8_w=inv(id=0,smax_value=-4294967296,umin_value=9223372036854775808,umax_value=18446744069414584320,var_off=(0x8000000000000000; 0x7fffffff00000000)) [...]
  18: (c7) r8 s>>= 32
  19: [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...]
  19: (6d) if r1 s> r8 goto pc+16
  [...] R1_w=inv0 [...] R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000; 0x7fffffff)) [...]
  [...]

Currently we check for is_branch_taken() only if either K is source, or source
is a scalar value that is const. For upstream it would be good to extend this
properly to check whether dst is const and src not.

For the sake of the test_verifier, it is probably not needed here:

  # ./test_verifier 101
  #101/p bpf_get_stack return R0 within range OK
  Summary: 1 PASSED, 0 SKIPPED, 0 FAILED

I haven't seen this issue in test_progs* though, they are passing fine:

  # ./test_progs-no_alu32 -t get_stack
  Switching to flavor 'no_alu32' subdirectory...
  #20 get_stack_raw_tp:OK
  Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED

  # ./test_progs -t get_stack
  #20 get_stack_raw_tp:OK
  Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport to 4.19]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/bpf/test_verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -12263,7 +12263,7 @@ static struct bpf_test tests[] = {
BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
BPF_ALU64_IMM(BPF_LSH, BPF_REG_8, 32),
BPF_ALU64_IMM(BPF_ARSH, BPF_REG_8, 32),
- BPF_JMP_REG(BPF_JSGT, BPF_REG_1, BPF_REG_8, 16),
+ BPF_JMP_REG(BPF_JSLT, BPF_REG_8, BPF_REG_1, 16),
BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_7),
BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_8),
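
Review bot: the new BPF_JMP_REG(BPF_JSLT, BPF_REG_8, BPF_REG_1, 16) line has no comment saying that its operand order is deliberate, so a later cleanup could turn it back into the equivalent-looking JSGT form and reintroduce the problem. The commit message explains that is_branch_taken() is only consulted when the source operand is K or a const scalar, and that this is a test-side workaround with no upstream commit. A short comment on the changed line would keep that visible in the file, for example that R1 (the const 0) must stay in the src slot until is_branch_taken() also handles a const dst. The hunk also does not show where R1 is set to 0, so the comment could name that dependency as well.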
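
The branch decision the commit message describes, as a simplified model added here for illustration (not the kernel's verifier code and not from the patch author). `struct reg`, `branch_taken()` and `branch_taken_flipped()` are hypothetical names, only signed bounds and the JSGT/JSLT opcodes are modelled, and the register values are the ones in the verifier trace above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a scalar register: signed bounds only. */
struct reg { int64_t smin, smax; };
enum op { JSGT, JSLT };

static bool is_const(struct reg r) { return r.smin == r.smax; }

/* dst <op> constant: 1 = always taken, 0 = never taken, -1 = unknown. */
static int taken_vs_const(struct reg dst, int64_t val, enum op op)
{
	if (op == JSGT) {
		if (dst.smin > val) return 1;
		if (dst.smax <= val) return 0;
	} else {
		if (dst.smax < val) return 1;
		if (dst.smin >= val) return 0;
	}
	return -1;
}

/* Behaviour the commit message describes: decide only when src is const. */
int branch_taken(struct reg dst, struct reg src, enum op op)
{
	return is_const(src) ? taken_vs_const(dst, src.smin, op) : -1;
}

/* Sketch of the suggested extension: const dst with non-const src is handled
 * by swapping the operands and mirroring the opcode (a s> b == b s< a). */
int branch_taken_flipped(struct reg dst, struct reg src, enum op op)
{
	if (is_const(dst) && !is_const(src))
		return taken_vs_const(src, dst.smin, op == JSGT ? JSLT : JSGT);
	return branch_taken(dst, src, op);
}

/* Register values copied from the verifier trace in the commit message. */
static const struct reg R1 = { 0, 0 };
static const struct reg R8 = { INT32_MIN, -1 };

int old_test(void)     { return branch_taken(R1, R8, JSGT); }  /* r1 s> r8 */
int new_test(void)     { return branch_taken(R8, R1, JSLT); }  /* r8 s< r1 */
int old_test_ext(void) { return branch_taken_flipped(R1, R8, JSGT); }

int main(void)
{
	printf("if r1 s> r8:           %d\n", old_test());
	printf("if r8 s< r1:           %d\n", new_test());
	printf("if r1 s> r8, extended: %d\n", old_test_ext());
	return 0;
}
```

A result of -1 means the model cannot resolve the branch, so both paths would be walked. With the constant in the src slot the same comparison resolves to a single path.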