linux-uconsole

History

Daniel Borkmann bc23105ca0 bpf: fix context access in tracing progs on 32 bit archs Wang reported that all the testcases for BPF_PROG_TYPE_PERF_EVENT program type in test_verifier report the following errors on x86_32: 172/p unpriv: spill/fill of different pointers ldx FAIL Unexpected error message! 0: (bf) r6 = r10 1: (07) r6 += -8 2: (15) if r1 == 0x0 goto pc+3 R1=ctx(id=0,off=0,imm=0) R6=fp-8,call_-1 R10=fp0,call_-1 3: (bf) r2 = r10 4: (07) r2 += -76 5: (7b) (u64 )(r6 +0) = r2 6: (55) if r1 != 0x0 goto pc+1 R1=ctx(id=0,off=0,imm=0) R2=fp-76,call_-1 R6=fp-8,call_-1 R10=fp0,call_-1 fp-8=fp 7: (7b) (u64 )(r6 +0) = r1 8: (79) r1 = (u64 )(r6 +0) 9: (79) r1 = (u64 )(r1 +68) invalid bpf_context access off=68 size=8 378/p check bpf_perf_event_data->sample_period byte load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (71) r0 = (u8 )(r1 +68) invalid bpf_context access off=68 size=1 379/p check bpf_perf_event_data->sample_period half load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (69) r0 = (u16 )(r1 +68) invalid bpf_context access off=68 size=2 380/p check bpf_perf_event_data->sample_period word load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (61) r0 = (u32 )(r1 +68) invalid bpf_context access off=68 size=4 381/p check bpf_perf_event_data->sample_period dword load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (79) r0 = (u64 )(r1 +68) invalid bpf_context access off=68 size=8 Reason is that struct pt_regs on x86_32 doesn't fully align to 8 byte boundary due to its size of 68 bytes. Therefore, bpf_ctx_narrow_access_ok() will then bail out saying that off & (size_default - 1) which is 68 & 7 doesn't cleanly align in the case of sample_period access from struct bpf_perf_event_data, hence verifier wrongly thinks we might be doing an unaligned access here though underlying arch can handle it just fine. Therefore adjust this down to machine size and check and rewrite the offset for narrow access on that basis. We also need to fix corresponding pe_prog_is_valid_access(), since we hit the check for off % size != 0 (e.g. 68 % 8 -> 4) in the first and last test. With that in place, progs for tracing work on x86_32. Reported-by: Wang YanQing <udknight@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Tested-by: Wang YanQing <udknight@gmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>		2018-06-03 07:46:56 -07:00
..
acpi	xen: fixes for 4.17-rc1	2018-04-12 11:04:35 -07:00
asm-generic	earlycon: Use a pointer table to fix __earlycon_table stride	2018-04-23 10:06:59 +02:00
clocksource
crypto
drm	drm: Fix HDCP downstream dev count read	2018-04-16 12:10:48 -04:00
dt-bindings	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-05-11 20:53:22 -04:00
keys
kvm	KVM: arm/arm64: vgic: Fix source vcpu issues for GICv2 SGI	2018-04-27 12:39:09 +01:00
linux	bpf: fix context access in tracing progs on 32 bit archs	2018-06-03 07:46:56 -07:00
math-emu
media	MAINTAINERS & files: Canonize the e-mails I use at files	2018-05-04 06:21:06 -04:00
memory
misc
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-05-26 19:46:15 -04:00
pcmcia
ras
rdma	IB/uverbs: Fix uverbs_attr_get_obj	2018-05-23 15:25:53 -06:00
scsi	scsi: core: remove reference to scsi_show_extd_sense()	2018-04-18 23:37:39 -04:00
soc	soc: bcm2835: Make !RASPBERRYPI_FIRMWARE dummies return failure	2018-04-16 15:15:23 -07:00
sound	ALSA: control: Hardening for potential Spectre v1	2018-04-25 10:37:46 +02:00
target
trace	net/ipv4: Remove tracepoint in fib_validate_source	2018-05-24 23:01:15 -04:00
uapi	bpf: make sure to clear unused fields in tunnel/xfrm state fetch	2018-06-03 07:46:55 -07:00
video
xen	xen/sndif: Sync up with the canonical definition in Xen	2018-04-17 08:26:33 -04:00