system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-21 03:28:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/kernel/bpf
History
Arthur Fabre fbeb1603bf bpf: verifier: MOV64 don't mark dst reg unbounded 
When check_alu_op() handles a BPF_MOV64 between two registers,
it calls check_reg_arg(DST_OP) on the dst register, marking it
as unbounded. If the src and dst register are the same, this
marks the src as unbounded, which can lead to unexpected errors
for further checks that rely on bounds info. For example:

	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_2),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),

Results in:

	"math between ctx pointer and register with unbounded
	min value is not allowed"

check_alu_op() now uses check_reg_arg(DST_OP_NO_MARK), and MOVs
that need to mark the dst register (MOVIMM, MOV32) do so.

Added a test case for MOV64 dst == src, and dst != src.

Signed-off-by: Arthur Fabre <afabre@cloudflare.com>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-07-31 22:09:33 +02:00
..
arraymap.c bpf: btf: Rename btf_key_id and btf_value_id in bpf_map_info 2018-05-23 12:03:32 +02:00
bpf_lru_list.c bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4 2017-04-17 13:55:52 -04:00
bpf_lru_list.h bpf: Only set node->ref = 1 if it has not been set 2017-09-01 09:57:39 -07:00
btf.c bpf: btf: Fix bitfield extraction for big endian 2018-07-11 22:36:08 +02:00
cgroup.c bpf: fix rcu annotations in compute_effective_progs() 2018-07-18 15:01:54 +02:00
core.c bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer 2018-07-18 15:01:20 +02:00
cpumap.c xdp: introduce xdp_return_frame_rx_napi 2018-05-24 18:36:15 -07:00
devmap.c xdp: XDP_REDIRECT should check IFF_UP and MTU 2018-07-07 15:25:35 -07:00
disasm.c bpf: Remove struct bpf_verifier_env argument from print_bpf_insn 2018-03-23 17:38:57 +01:00
disasm.h bpf: Remove struct bpf_verifier_env argument from print_bpf_insn 2018-03-23 17:38:57 +01:00
hashtab.c bpf: hash map: decrement counter on error 2018-07-03 23:26:28 +02:00
helpers.c bpf: implement bpf_get_current_cgroup_id() helper 2018-06-03 18:22:41 -07:00
inode.c bpf: implement dummy fops for bpf objects 2018-06-08 10:58:48 -07:00
lpm_trie.c treewide: kmalloc() -> kmalloc_array() 2018-06-12 16:19:22 -07:00
Makefile bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP 2018-05-03 15:55:24 -07:00
map_in_map.c bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
map_in_map.h bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
offload.c bpf: offload: allow program and map sharing per-ASIC 2018-07-18 15:10:34 +02:00
percpu_freelist.c bpf: fix lockdep splat 2017-11-15 19:46:32 +09:00
percpu_freelist.h bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
sockmap.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-07-20 23:58:30 -07:00
stackmap.c bpf: avoid -Wmaybe-uninitialized warning 2018-05-28 17:40:59 +02:00
syscall.c bpf: sockhash, disallow bpf_tcp_close and update in parallel 2018-07-07 15:19:30 -07:00
tnum.c bpf/verifier: improve register value range tracking with ARSH 2018-04-29 08:45:53 -07:00
verifier.c bpf: verifier: MOV64 don't mark dst reg unbounded 2018-07-31 22:09:33 +02:00
xskmap.c xsk: clean up SPDX headers 2018-05-18 16:07:02 +02:00