forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
Linux kernel for uConsole
988,028 commits 5 branches 3 tags 4.3 GiB
Find a file
Paul Chaignon 9ff2bebc2c bpf: Fix incorrect state pruning for <8B spill/fill 
commit 345e004d02 upstream.

Commit 354e8f1970 ("bpf: Support <8-byte scalar spill and refill")
introduced support in the verifier to track <8B spill/fills of scalars.
The backtracking logic for the precision bit was however skipping
spill/fills of less than 8B. That could cause state pruning to consider
two states equivalent when they shouldn't be.

As an example, consider the following bytecode snippet:

  0:  r7 = r1
  1:  call bpf_get_prandom_u32
  2:  r6 = 2
  3:  if r0 == 0 goto pc+1
  4:  r6 = 3
  ...
  8: [state pruning point]
  ...
  /* u32 spill/fill */
  10: *(u32 *)(r10 - 8) = r6
  11: r8 = *(u32 *)(r10 - 8)
  12: r0 = 0
  13: if r8 == 3 goto pc+1
  14: r0 = 1
  15: exit

The verifier first walks the path with R6=3. Given the support for <8B
spill/fills, at instruction 13, it knows the condition is true and skips
instruction 14. At that point, the backtracking logic kicks in but stops
at the fill instruction since it only propagates the precision bit for
8B spill/fill. When the verifier then walks the path with R6=2, it will
consider it safe at instruction 8 because R6 is not marked as needing
precision. Instruction 14 is thus never walked and is then incorrectly
removed as 'dead code'.

It's also possible to lead the verifier to accept e.g. an out-of-bound
memory access instead of causing an incorrect dead code elimination.

This regression was found via Cilium's bpf-next CI where it was causing
a conntrack map update to be silently skipped because the code had been
removed by the verifier.

This commit fixes it by enabling support for <8B spill/fills in the
bactracking logic. In case of a <8B spill/fill, the full 8B stack slot
will be marked as needing precision. Then, in __mark_chain_precision,
any tracked register spilled in a marked slot will itself be marked as
needing precision, regardless of the spill size. This logic makes two
assumptions: (1) only 8B-aligned spill/fill are tracked and (2) spilled
registers are only tracked if the spill and fill sizes are equal. Commit
ef979017b8 ("bpf: selftest: Add verifier tests for <8-byte scalar
spill and refill") covers the first assumption and the next commit in
this patchset covers the second.

Fixes: 354e8f1970 ("bpf: Support <8-byte scalar spill and refill")
Signed-off-by: Paul Chaignon <paul@isovalent.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-02-15 17:22:10 +01:00
arch arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI 2023-02-06 07:56:15 +01:00
block blk-cgroup: fix missing pd_online_fn() while activating policy 2023-02-06 07:56:15 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-22 14:13:17 +02:00
crypto crypto: tcrypt - Fix multibuffer skcipher speed test mem leak 2023-01-14 10:15:50 +01:00
Documentation docs: Fix path paste-o for /sys/kernel/warn_count 2023-02-01 08:23:21 +01:00
drivers bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() 2023-02-15 17:22:10 +01:00
fs nfsd: Ensure knfsd shuts down when the "nfsd" pseudofs is unmounted 2023-02-01 08:23:26 +01:00
include netfilter: conntrack: unify established states for SCTP paths 2023-02-01 08:23:27 +01:00
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash 2022-12-02 17:40:03 +01:00
io_uring io_uring/rw: remove leftover debug statement 2023-01-24 07:20:02 +01:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:24:00 +01:00
kernel bpf: Fix incorrect state pruning for <8B spill/fill 2023-02-15 17:22:10 +01:00
lib netlink: prevent potential spectre v1 gadgets 2023-02-01 08:23:23 +01:00
LICENSES LICENSES/deprecated: add Zlib license text 2020-09-16 14:33:49 +02:00
mm panic: Consolidate open-coded panic_on_warn checks 2023-02-01 08:23:20 +01:00
net net: fix NULL pointer in skb_segment_list 2023-02-06 07:56:16 +01:00
samples samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe() 2023-01-14 10:16:01 +01:00
scripts ftrace/scripts: Update the instructions for ftrace-bisect.sh 2023-02-01 08:23:22 +01:00
security tomoyo: fix broken dependency on *.conf.default 2023-02-01 08:23:10 +01:00
sound ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets 2023-02-01 08:23:17 +01:00
tools Revert "selftests/ftrace: Update synthetic event syntax errors" 2023-02-01 08:23:26 +01:00
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage 2022-02-01 17:25:48 +01:00
virt kvm: Add support for arch compat vm ioctls 2022-10-30 09:41:15 +01:00
.clang-format RDMA 5.10 pull request 2020-10-17 11:18:18 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: generate Module.symvers only when vmlinux exists 2021-05-19 10:12:59 +02:00
.mailmap mailmap: add two more addresses of Uwe Kleine-König 2020-12-06 10:19:07 -08:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Move Jason Cooper to CREDITS 2020-11-30 10:20:34 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS futex: Move to kernel/futex/ 2023-01-14 10:15:20 +01:00
Makefile Linux 5.10.167 2023-02-06 07:56:16 +01:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.