From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>,
	Piotr Krysiuk <piotras@gmail.com>,
	Alexei Starovoitov <ast@kernel.org>
Subject: [PATCH 5.10 1/9] bpf: Wrap aux data inside bpf_sanitize_info container
Date: Thu, 27 May 2021 17:12:53 +0200
Message-ID: <20210527151139.292532346@linuxfoundation.org>
In-Reply-To: <20210527151139.242182390@linuxfoundation.org>

From: Daniel Borkmann <daniel@iogearbox.net>

commit 3d0220f6861d713213b015b582e9f21e5b28d2e0 upstream.

Add a container structure struct bpf_sanitize_info which holds
the current aux info, and update call-sites to sanitize_ptr_alu()
to pass it in. This is needed for passing in additional state
later on.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/bpf/verifier.c |   18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5743,15 +5743,19 @@ static bool sanitize_needed(u8 opcode)
 	return opcode == BPF_ADD || opcode == BPF_SUB;
 }
 
+struct bpf_sanitize_info {
+	struct bpf_insn_aux_data aux;
+};
+
 static int sanitize_ptr_alu(struct bpf_verifier_env *env,
 			    struct bpf_insn *insn,
 			    const struct bpf_reg_state *ptr_reg,
 			    const struct bpf_reg_state *off_reg,
 			    struct bpf_reg_state *dst_reg,
-			    struct bpf_insn_aux_data *tmp_aux,
+			    struct bpf_sanitize_info *info,
 			    const bool commit_window)
 {
-	struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : tmp_aux;
+	struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : &info->aux;
 	struct bpf_verifier_state *vstate = env->cur_state;
 	bool off_is_imm = tnum_is_const(off_reg->var_off);
 	bool off_is_neg = off_reg->smin_value < 0;
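
Review bot: struct bpf_sanitize_info is added without any comment, and with a single member it reads as a redundant wrapper around struct bpf_insn_aux_data. The commit message says it is there to carry additional state later; a short comment above the struct stating that it holds the scratch state handed to sanitize_ptr_alu() across its two calls would spare readers a trip to the log.
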
@@ -5780,8 +5784,8 @@ static int sanitize_ptr_alu(struct bpf_v
 		/* In commit phase we narrow the masking window based on
 		 * the observed pointer move after the simulated operation.
 		 */
-		alu_state = tmp_aux->alu_state;
-		alu_limit = abs(tmp_aux->alu_limit - alu_limit);
+		alu_state = info->aux.alu_state;
+		alu_limit = abs(info->aux.alu_limit - alu_limit);
 	} else {
 		alu_state  = off_is_neg ? BPF_ALU_NEG_VALUE : 0;
 		alu_state |= off_is_imm ? BPF_ALU_IMMEDIATE : 0;
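
Review bot: in the commit-phase branch the code reads info->aux.alu_state and info->aux.alu_limit while the local aux points at cur_aux(env), so two different aux objects are in use in the same block. This is only correct because the caller has already run the commit_window == false pass with the same info; the comment above these lines should state that precondition, since a still zero-initialised info would quietly give alu_state 0 and an alu_limit taken purely from the current computation.
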
@@ -5942,7 +5946,7 @@ static int adjust_ptr_min_max_vals(struc
 	    smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value;
 	u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value,
 	    umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value;
-	struct bpf_insn_aux_data tmp_aux = {};
+	struct bpf_sanitize_info info = {};
 	u8 opcode = BPF_OP(insn->code);
 	u32 dst = insn->dst_reg;
 	int ret;
@@ -6011,7 +6015,7 @@ static int adjust_ptr_min_max_vals(struc
 
 	if (sanitize_needed(opcode)) {
 		ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg,
-				       &tmp_aux, false);
+				       &info, false);
 		if (ret < 0)
 			return sanitize_err(env, insn, ret, off_reg, dst_reg);
 	}
@@ -6152,7 +6156,7 @@ static int adjust_ptr_min_max_vals(struc
 		return -EACCES;
 	if (sanitize_needed(opcode)) {
 		ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg,
-				       &tmp_aux, true);
+				       &info, true);
 		if (ret < 0)
 			return sanitize_err(env, insn, ret, off_reg, dst_reg);
 	}


