From: Joanne Koong <joannelkoong@gmail.com>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
haoluo@google.com, jolsa@kernel.org, mykolal@fb.com,
dhowells@redhat.com, jarkko@kernel.org, rostedt@goodmis.org,
mingo@redhat.com, paul@paul-moore.com, jmorris@namei.org,
serge@hallyn.com, shuah@kernel.org, bpf@vger.kernel.org,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
deso@posteo.net, memxor@gmail.com,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [PATCH v14 02/12] bpf: Move dynptr type check to is_dynptr_type_expected()
Date: Tue, 30 Aug 2022 09:46:41 -0700 [thread overview]
Message-ID: <CAJnrk1bL2MSN81ORrkm9JcFQh3qsJ1jVGXEycSjyhk+Jv_Bz2Q@mail.gmail.com> (raw)
In-Reply-To: <20220830161716.754078-3-roberto.sassu@huaweicloud.com>
On Tue, Aug 30, 2022 at 9:18 AM Roberto Sassu
<roberto.sassu@huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu@huawei.com>
>
> Move dynptr type check to is_dynptr_type_expected() from
> is_dynptr_reg_valid_init(), so that callers can better determine the cause
> of a negative result (dynamic pointer not valid/initialized, dynamic
> pointer of the wrong type).
>
> Also, splitting makes the code more readable, since checking the dynamic
> pointer type is not necessarily related to validity and initialization.
I think it'd be helpful to also include that btf will be using these
functions, which seems like the main motivation behind why this change
is needed.
>
> Split the validity/initialization and dynamic pointer type check also in
> the verifier, and adjust the expected error message in the test (a test for
> an unexpected dynptr type passed to a helper cannot be added due to missing
> suitable helpers, but this case has been tested manually).
The bpf_ringbuf_submit_dynptr() and bpf_ringbuf_discard_dynptr()
helpers take in only ringbuf-type dynptrs, so either of these would
work for testing the case where an incorrect dynptr type is passed in
:)
>
> Cc: Joanne Koong <joannelkoong@gmail.com>
> Cc: Kumar Kartikeya Dwivedi <memxor@gmail.com>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> kernel/bpf/verifier.c | 35 ++++++++++++++-----
> .../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
> 2 files changed, 28 insertions(+), 9 deletions(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 0194a36d0b36..1b913db252a3 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -779,8 +779,8 @@ static bool is_dynptr_reg_valid_uninit(struct bpf_verifier_env *env, struct bpf_
> return true;
> }
>
> -static bool is_dynptr_reg_valid_init(struct bpf_verifier_env *env, struct bpf_reg_state *reg,
> - enum bpf_arg_type arg_type)
> +static bool is_dynptr_reg_valid_init(struct bpf_verifier_env *env,
> + struct bpf_reg_state *reg)
> {
> struct bpf_func_state *state = func(env, reg);
> int spi = get_spi(reg->off);
> @@ -796,11 +796,24 @@ static bool is_dynptr_reg_valid_init(struct bpf_verifier_env *env, struct bpf_re
> return false;
> }
>
> + return true;
> +}
> +
> +static bool is_dynptr_type_expected(struct bpf_verifier_env *env,
> + struct bpf_reg_state *reg,
> + enum bpf_arg_type arg_type)
> +{
> + struct bpf_func_state *state = func(env, reg);
> + int spi = get_spi(reg->off);
> + enum bpf_dynptr_type dynptr_type;
nit: the above 2 lines should be swapped to maintain reverse christmas
tree order of declarations
> +
> /* ARG_PTR_TO_DYNPTR takes any type of dynptr */
> if (arg_type == ARG_PTR_TO_DYNPTR)
> return true;
>
> - return state->stack[spi].spilled_ptr.dynptr.type == arg_to_dynptr_type(arg_type);
> + dynptr_type = arg_to_dynptr_type(arg_type);
> +
> + return state->stack[spi].spilled_ptr.dynptr.type == dynptr_type;
> }
>
> /* The reg state of a pointer or a bounded scalar was saved when
> @@ -6050,21 +6063,27 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
> }
>
> meta->uninit_dynptr_regno = regno;
> - } else if (!is_dynptr_reg_valid_init(env, reg, arg_type)) {
> + } else if (!is_dynptr_reg_valid_init(env, reg)) {
> + verbose(env,
> + "Expected an initialized dynptr as arg #%d\n",
> + arg + 1);
> + return -EINVAL;
> + } else if (!is_dynptr_type_expected(env, reg, arg_type)) {
> const char *err_extra = "";
>
> switch (arg_type & DYNPTR_TYPE_FLAG_MASK) {
> case DYNPTR_TYPE_LOCAL:
> - err_extra = "local ";
> + err_extra = "local";
> break;
> case DYNPTR_TYPE_RINGBUF:
> - err_extra = "ringbuf ";
> + err_extra = "ringbuf";
> break;
> default:
> + err_extra = "<unknown>";
> break;
> }
> -
> - verbose(env, "Expected an initialized %sdynptr as arg #%d\n",
> + verbose(env,
> + "Expected a dynptr of type %s as arg #%d\n",
> err_extra, arg + 1);
> return -EINVAL;
> }
> diff --git a/tools/testing/selftests/bpf/prog_tests/dynptr.c b/tools/testing/selftests/bpf/prog_tests/dynptr.c
> index bcf80b9f7c27..8fc4e6c02bfd 100644
> --- a/tools/testing/selftests/bpf/prog_tests/dynptr.c
> +++ b/tools/testing/selftests/bpf/prog_tests/dynptr.c
> @@ -30,7 +30,7 @@ static struct {
> {"invalid_helper2", "Expected an initialized dynptr as arg #3"},
> {"invalid_write1", "Expected an initialized dynptr as arg #1"},
> {"invalid_write2", "Expected an initialized dynptr as arg #3"},
> - {"invalid_write3", "Expected an initialized ringbuf dynptr as arg #1"},
> + {"invalid_write3", "Expected an initialized dynptr as arg #1"},
> {"invalid_write4", "arg 1 is an unacquired reference"},
> {"invalid_read1", "invalid read from stack"},
> {"invalid_read2", "cannot pass in dynptr at an offset"},
> --
> 2.25.1
>
next prev parent reply other threads:[~2022-08-30 16:47 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-30 16:17 [PATCH v14 00/12] bpf: Add kfuncs for PKCS#7 signature verification Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 01/12] bpf: Allow kfuncs to be used in LSM programs Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 02/12] bpf: Move dynptr type check to is_dynptr_type_expected() Roberto Sassu
2022-08-30 16:46 ` Joanne Koong [this message]
2022-08-31 9:22 ` Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 03/12] btf: Allow dynamic pointer parameters in kfuncs Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 04/12] bpf: Export bpf_dynptr_get_size() Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL Roberto Sassu
2022-08-31 2:53 ` Jarkko Sakkinen
2022-08-31 4:51 ` Jarkko Sakkinen
2022-08-31 6:29 ` Jarkko Sakkinen
2022-08-31 9:23 ` Roberto Sassu
2022-08-31 15:33 ` Alexei Starovoitov
2022-08-31 15:55 ` Roberto Sassu
2022-09-02 3:27 ` Jarkko Sakkinen
2022-08-30 16:17 ` [PATCH v14 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 07/12] bpf: Add bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 08/12] selftests/bpf: Compile kernel with everything as built-in Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 09/12] selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 10/12] selftests/bpf: Add additional tests for bpf_lookup_*_key() Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 11/12] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-08-30 16:17 ` [PATCH v14 12/12] selftests/bpf: Add verifier tests for dynamic pointers parameters in kfuncs Roberto Sassu
2022-08-30 16:54 ` Joanne Koong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJnrk1bL2MSN81ORrkm9JcFQh3qsJ1jVGXEycSjyhk+Jv_Bz2Q@mail.gmail.com \
--to=joannelkoong@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=deso@posteo.net \
--cc=dhowells@redhat.com \
--cc=haoluo@google.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=memxor@gmail.com \
--cc=mingo@redhat.com \
--cc=mykolal@fb.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=rostedt@goodmis.org \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.