From: Shung-Hsi Yu <shung-hsi.yu@suse.com>
To: netdev@vger.kernel.org, bpf@vger.kernel.org,
	linux-kernel@vger.kernel.org
Cc: Shung-Hsi Yu <shung-hsi.yu@suse.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
	Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>
Subject: [PATCH bpf-next 2/4] bpf: verifier: explain opcode check in check_ld_imm()
Date: Fri, 20 May 2022 19:37:26 +0800
Message-ID: <20220520113728.12708-3-shung-hsi.yu@suse.com>
In-Reply-To: <20220520113728.12708-1-shung-hsi.yu@suse.com>

The BPF_SIZE check in the beginning of check_ld_imm() actually guards
against programs with JMP instructions that go to the second
instruction of BPF_LD_IMM64, but may be easily dismissed as a simple
opcode check that's duplicating the effort of bpf_opcode_in_insntable().

Add comment to better reflect the importance of the check.

Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
---
 kernel/bpf/verifier.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 79a2695ee2e2..133929751f80 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9921,6 +9921,10 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
 	struct bpf_map *map;
 	int err;
 
+	/* checks that this is not the second part of BPF_LD_IMM64, which is
+	 * skipped over during opcode check, but a JMP with invalid offset may
+	 * cause check_ld_imm() to be called upon it.
+	 */
 	if (BPF_SIZE(insn->code) != BPF_DW) {
 		verbose(env, "invalid BPF_LD_IMM insn\n");
 		return -EINVAL;
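
Review bot: The added comment above the BPF_SIZE test says the second part of BPF_LD_IMM64 is "skipped over during opcode check" but does not name that check or say why a size test recognises the second slot. The commit message names bpf_opcode_in_insntable(), so the comment could name it as well, for example "which bpf_opcode_in_insntable() skips over", and state that the second slot does not carry BPF_DW, so that a later cleanup does not mistake the test for a duplicate. "a JMP with invalid offset" would also be more precise as "a JMP whose target is that second slot", which is the case the commit message describes. As a style point, the comment should start with a capitalised imperative ("Check that ...").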
-- 
2.36.1

