* [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code
@ 2021-04-22 23:55 Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 1/2] bpf: Notify user if we ever hit a bpf_snprintf verifier bug Florent Revest
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Florent Revest @ 2021-04-22 23:55 UTC (permalink / raw)
To: bpf; +Cc: ast, daniel, andrii, kpsingh, jackmanb, linux-kernel, Florent Revest
Alexei requested a couple of cleanups to the bpf_snprintf and
ARG_PTR_TO_CONST_STR verifier code.
https://lore.kernel.org/bpf/CABRcYmL_SMT80UTyV98bRsOzW0wBd1sZcYUpTrcOAV+9m+YoWQ@mail.gmail.com/T/#t
Florent Revest (2):
bpf: Notify user if we ever hit a bpf_snprintf verifier bug
bpf: Remove unnecessary map checks for ARG_PTR_TO_CONST_STR
kernel/bpf/verifier.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--
2.31.1.498.g6c1eba8ee3d-goog
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH bpf-next 1/2] bpf: Notify user if we ever hit a bpf_snprintf verifier bug
2021-04-22 23:55 [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Florent Revest
@ 2021-04-22 23:55 ` Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 2/2] bpf: Remove unnecessary map checks for ARG_PTR_TO_CONST_STR Florent Revest
2021-04-23 17:01 ` [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Florent Revest @ 2021-04-22 23:55 UTC (permalink / raw)
To: bpf; +Cc: ast, daniel, andrii, kpsingh, jackmanb, linux-kernel, Florent Revest
In check_bpf_snprintf_call(), a map_direct_value_addr() of the fmt map
should never fail because it has already been checked by
ARG_PTR_TO_CONST_STR. But if it ever fails, it's better to error out
with an explicit debug message rather than silently fail.
Signed-off-by: Florent Revest <revest@chromium.org>
Reported-by: Alexei Starovoitov <ast@kernel.org>
---
kernel/bpf/verifier.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 58730872f7e5..59799a9b014a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5940,8 +5940,10 @@ static int check_bpf_snprintf_call(struct bpf_verifier_env *env,
fmt_map_off = fmt_reg->off + fmt_reg->var_off.value;
err = fmt_map->ops->map_direct_value_addr(fmt_map, &fmt_addr,
fmt_map_off);
- if (err)
- return err;
+ if (err) {
+ verbose(env, "verifier bug\n");
+ return -EFAULT;
+ }
fmt = (char *)(long)fmt_addr + fmt_map_off;
/* We are also guaranteed that fmt+fmt_map_off is NULL terminated, we
--
2.31.1.498.g6c1eba8ee3d-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH bpf-next 2/2] bpf: Remove unnecessary map checks for ARG_PTR_TO_CONST_STR
2021-04-22 23:55 [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 1/2] bpf: Notify user if we ever hit a bpf_snprintf verifier bug Florent Revest
@ 2021-04-22 23:55 ` Florent Revest
2021-04-23 17:01 ` [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Florent Revest @ 2021-04-22 23:55 UTC (permalink / raw)
To: bpf; +Cc: ast, daniel, andrii, kpsingh, jackmanb, linux-kernel, Florent Revest
reg->type is enforced by check_reg_type() and map should never be NULL
(it would already have been dereferenced anyway) so these checks are
unnecessary.
Signed-off-by: Florent Revest <revest@chromium.org>
Reported-by: Alexei Starovoitov <ast@kernel.org>
---
kernel/bpf/verifier.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 59799a9b014a..2579f6fbb5c3 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5075,8 +5075,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
u64 map_addr;
char *str_ptr;
- if (reg->type != PTR_TO_MAP_VALUE || !map ||
- !bpf_map_is_rdonly(map)) {
+ if (!bpf_map_is_rdonly(map)) {
verbose(env, "R%d does not point to a readonly map'\n", regno);
return -EACCES;
}
--
2.31.1.498.g6c1eba8ee3d-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code
2021-04-22 23:55 [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 1/2] bpf: Notify user if we ever hit a bpf_snprintf verifier bug Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 2/2] bpf: Remove unnecessary map checks for ARG_PTR_TO_CONST_STR Florent Revest
@ 2021-04-23 17:01 ` Alexei Starovoitov
2 siblings, 0 replies; 4+ messages in thread
From: Alexei Starovoitov @ 2021-04-23 17:01 UTC (permalink / raw)
To: Florent Revest
Cc: bpf, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko,
KP Singh, Brendan Jackman, LKML
On Thu, Apr 22, 2021 at 4:56 PM Florent Revest <revest@chromium.org> wrote:
>
> Alexei requested a couple of cleanups to the bpf_snprintf and
> ARG_PTR_TO_CONST_STR verifier code.
Applied. Thanks
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-04-23 17:02 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22 23:55 [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 1/2] bpf: Notify user if we ever hit a bpf_snprintf verifier bug Florent Revest
2021-04-22 23:55 ` [PATCH bpf-next 2/2] bpf: Remove unnecessary map checks for ARG_PTR_TO_CONST_STR Florent Revest
2021-04-23 17:01 ` [PATCH bpf-next 0/2] Simplify bpf_snprintf verifier code Alexei Starovoitov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.