mirror/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1d68f22b3d53d368d5cc8d09de890250cae5c945
linux/kernel
History
Yonghong Song 1d68f22b3d bpf: Handle spilled PTR_TO_BTF_ID properly when checking stack_boundary 
This specifically to handle the case like below:
   // ptr below is a socket ptr identified by PTR_TO_BTF_ID
   u64 param[2] = { ptr, val };
   bpf_seq_printf(seq, fmt, sizeof(fmt), param, sizeof(param));

In this case, the 16 bytes stack for "param" contains:
   8 bytes for ptr with spilled PTR_TO_BTF_ID
   8 bytes for val as STACK_MISC

The current verifier will complain the ptr should not be visible
to the helper.
   ...
   16: (7b) *(u64 *)(r10 -64) = r2
   18: (7b) *(u64 *)(r10 -56) = r1
   19: (bf) r4 = r10
   ;
   20: (07) r4 += -64
   ; BPF_SEQ_PRINTF(seq, fmt1, (long)s, s->sk_protocol);
   21: (bf) r1 = r6
   22: (18) r2 = 0xffffa8d00018605a
   24: (b4) w3 = 10
   25: (b4) w5 = 16
   26: (85) call bpf_seq_printf#125
    R0=inv(id=0) R1_w=ptr_seq_file(id=0,off=0,imm=0)
    R2_w=map_value(id=0,off=90,ks=4,vs=144,imm=0) R3_w=inv10
    R4_w=fp-64 R5_w=inv16 R6=ptr_seq_file(id=0,off=0,imm=0)
    R7=ptr_netlink_sock(id=0,off=0,imm=0) R10=fp0 fp-56_w=mmmmmmmm
    fp-64_w=ptr_
   last_idx 26 first_idx 13
   regs=8 stack=0 before 25: (b4) w5 = 16
   regs=8 stack=0 before 24: (b4) w3 = 10
   invalid indirect read from stack off -64+0 size 16

Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200509175915.2476783-1-yhs@fb.com
2020-05-09 17:05:27 -07:00
..
bpf
bpf: Handle spilled PTR_TO_BTF_ID properly when checking stack_boundary
2020-05-09 17:05:27 -07:00
cgroup
bpf: Refactor bpf_link update handling
2020-04-28 17:27:07 -07:00
configs
compiler: remove CONFIG_OPTIMIZE_INLINING entirely
2020-04-07 10:43:42 -07:00
debug
Merge tag 'spdx-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx
2020-04-03 13:12:26 -07:00
dma
dma-debug: fix displaying of dma allocation type
2020-04-08 21:46:57 +02:00
events
Merge branch 'work.sysctl' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-04-28 21:23:38 +02:00
gcov
kernel/gcov/fs.c: gcov_seq_next() should increase position index
2020-04-10 15:36:22 -07:00
irq
genirq: Remove setup_irq() and remove_irq()
2020-04-14 10:08:50 +02:00
livepatch
Merge tag 'trace-v5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2019-11-27 11:42:01 -08:00
locking
locking/lockdep: Improve 'invalid wait context' splat
2020-04-08 12:05:07 +02:00
power
PM / sleep: handle the compat case in snapshot_set_swap_area()
2020-04-06 21:42:36 +02:00
printk
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
rcu
Merge branch 'urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/urgent
2020-04-14 08:36:41 +02:00
sched
Merge branch 'work.sysctl' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-04-28 21:23:38 +02:00
time
Merge branch 'work.sysctl' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2020-04-28 21:23:38 +02:00
trace
bpf: Add bpf_seq_printf and bpf_seq_write helpers
2020-05-09 17:05:26 -07:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
acct.c
acct: stop using get_seconds()
2019-12-18 18:07:31 +01:00
async.c
audit_fsnotify.c
fsnotify: use helpers to access data by data_type
2020-03-23 18:19:06 +01:00
audit_tree.c
audit_watch.c
Merge tag 'fsnotify_for_v5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2020-04-06 08:58:42 -07:00
audit.c
audit: check the length of userspace generated audit records
2020-04-20 17:10:58 -04:00
audit.h
audit: trigger accompanying records when no rules present
2020-03-12 10:42:51 -04:00
auditfilter.c
audit: fix error handling in audit_data_to_entry()
2020-02-22 20:36:47 -05:00
auditsc.c
audit: trigger accompanying records when no rules present
2020-03-12 10:42:51 -04:00
backtracetest.c
bounds.c
capability.c
compat.c
y2038: remove unused time32 interfaces
2020-02-21 11:22:15 -08:00
configs.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
context_tracking.c
context-tracking: Introduce CONFIG_HAVE_TIF_NOHZ
2020-02-14 16:05:04 +01:00
cpu_pm.c
cpu.c
Merge tag 'smp-core-2020-03-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 18:06:39 -07:00
crash_core.c
crash_dump.c
cred.c
kernel: doc: remove outdated comment cred.c
2020-03-25 10:04:01 -05:00
delayacct.c
dma.c
elfcore.c
kernel/elfcore.c: include proper prototypes
2019-09-25 17:51:39 -07:00
exec_domain.c
exit.c
proc: Put thread_pid in release_task not proc_flush_pid
2020-04-24 15:49:00 -05:00
extable.c
kernel/extable.c: use address-of operator on section symbols
2020-04-07 10:43:42 -07:00
fail_function.c
fork.c
clone3: add build-time CLONE_ARGS_SIZE_VER* validity checks
2020-04-15 09:56:32 +02:00
freezer.c
Revert "libata, freezer: avoid block device removal while system is frozen"
2019-10-06 09:11:37 -06:00
futex.c
Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 16:17:15 -07:00
gen_kheaders.sh
kheaders: explain why include/config/autoconf.h is excluded from md5sum
2019-11-11 20:10:01 +09:00
groups.c
hung_task.c
iomem.c
irq_work.c
lockdep: Annotate irq_work
2020-03-21 16:00:24 +01:00
jump_label.c
jump_label: Don't warn on __exit jump entries
2019-08-29 15:10:10 +01:00
kallsyms.c
kallsyms: unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()
2020-04-07 10:43:44 -07:00
kcmp.c
kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve
2020-03-25 10:04:01 -05:00
Kconfig.freezer
Kconfig.hz
Kconfig.locks
sched/rt, locking: Use CONFIG_PREEMPTION
2019-12-08 14:37:36 +01:00
Kconfig.preempt
sched/Kconfig: Fix spelling mistake in user-visible help text
2019-11-12 11:35:32 +01:00
kcov.c
kcov: remote coverage support
2019-12-04 19:44:14 -08:00
kexec_core.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_elf.c
kexec_elf: support 32 bit ELF files
2019-09-06 23:58:44 +02:00
kexec_file.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_internal.h
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kheaders.c
kmod.c
kmod: make request_module() return an error when autoloading is disabled
2020-04-10 15:36:22 -07:00
kprobes.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
ksysfs.c
kthread.c
kthread: Do not preempt current task if it is going to call schedule()
2020-03-20 13:06:20 +01:00
latencytop.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
Makefile
kcov: ignore fault-inject and stacktrace
2020-01-31 10:30:41 -08:00
module_signature.c
module_signing.c
module-internal.h
module.c
kernel/module: Hide vermagic header file from general use
2020-04-21 13:27:37 -07:00
notifier.c
x86/mm: split vmalloc_sync_all()
2020-03-21 18:56:06 -07:00
nsproxy.c
ns: Introduce Time Namespace
2020-01-14 12:20:48 +01:00
padata.c
crypto: pcrypt - simplify error handling in pcrypt_create_aead()
2020-03-06 12:28:24 +11:00
panic.c
locking/refcount: Remove unused 'refcount_error_report()' function
2019-11-25 09:15:42 +01:00
params.c
pid_namespace.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
pid.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-10 12:59:56 -07:00
profile.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
ptrace.c
ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
2020-01-18 13:51:39 +01:00
range.c
reboot.c
relay.c
resource.c
mm/memory_hotplug.c: use PFN_UP / PFN_DOWN in walk_system_ram_range()
2019-09-24 15:54:09 -07:00
rseq.c
rseq: Reject unknown flags on rseq unregister
2019-12-25 10:41:20 +01:00
seccomp.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
signal.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-23 13:30:18 -07:00
smp.c
cpu/hotplug: Move bringup of secondary CPUs out of smp_init()
2020-03-25 12:59:37 +01:00
smpboot.c
smpboot.h
softirq.c
lockdep: Rename trace_{hard,soft}{irq_context,irqs_enabled}()
2020-03-21 16:03:54 +01:00
stackleak.c
stacktrace.c
stacktrace: Get rid of unneeded '!!' pattern
2019-11-11 10:30:59 +01:00
stop_machine.c
stop_machine: Make stop_cpus() static
2020-01-17 10:19:21 +01:00
sys_ni.c
y2038: allow disabling time32 system calls
2019-11-15 14:38:30 +01:00
sys.c
sys/sysinfo: Respect boottime inside time namespace
2020-03-03 19:34:32 +01:00
sysctl_binary.c
sysctl: Remove the sysctl system call
2019-11-26 13:03:56 -06:00
sysctl-test.c
kunit: allow kunit tests to be loaded as a module
2020-01-09 16:42:29 -07:00
sysctl.c
sysctl: Fix unused function warning
2020-05-05 11:59:32 -07:00
task_work.c
task_work_run: don't take ->pi_lock unconditionally
2020-03-02 14:06:33 -07:00
taskstats.c
taskstats: fix data-race
2019-12-04 15:18:39 +01:00
test_kprobes.c
torture.c
Merge tag 'smp-core-2020-03-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 18:06:39 -07:00
tracepoint.c
tsacct.c
tsacct: add 64-bit btime field
2019-12-18 18:07:31 +01:00
ucount.c
ucount: Make sure ucounts in /proc/sys/user don't regress again
2020-04-07 21:51:27 +02:00
uid16.c
uid16.h
umh.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
up.c
smp/up: Make smp_call_function_single() match SMP semantics
2020-02-07 15:34:12 +01:00
user_namespace.c
user-return-notifier.c
user.c
utsname_sysctl.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
utsname.c
watchdog_hld.c
watchdog.c
sysctl: pass kernel pointers to ->proc_handler
2020-04-27 02:07:40 -04:00
workqueue_internal.h
workqueue.c
workqueue: Remove the warning in wq_worker_sleeping()
2020-04-08 11:35:20 +02:00