AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-08 02:44:51 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
77a5352ba9
linux_dsm_epyc7002/kernel/bpf
History
Paul Chaignon c6a9efa1d8 bpf: mark registers in all frames after pkt/null checks 
In case of a null check on a pointer inside a subprog, we should mark all
registers with this pointer as either safe or unknown, in both the current
and previous frames.  Currently, only spilled registers and registers in
the current frame are marked.  Packet bound checks in subprogs have the
same issue.  This patch fixes it to mark registers in previous frames as
well.

A good reproducer for null checks looks as follow:

1: ptr = bpf_map_lookup_elem(map, &key);
2: ret = subprog(ptr) {
3:   return ptr != NULL;
4: }
5: if (ret)
6:   value = *ptr;

With the above, the verifier will complain on line 6 because it sees ptr
as map_value_or_null despite the null check in subprog 1.

Note that this patch fixes another resulting bug when using
bpf_sk_release():

1: sk = bpf_sk_lookup_tcp(...);
2: subprog(sk) {
3:   if (sk)
4:     bpf_sk_release(sk);
5: }
6: if (!sk)
7:   return 0;
8: return 1;

In the above, mark_ptr_or_null_regs will warn on line 6 because it will
try to free the reference state, even though it was already freed on
line 3.

Fixes: f4d7e40a5b ("bpf: introduce function calls (verification)")
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-04-25 17:20:06 -07:00
..
arraymap.c bpf: introduce BPF_F_LOCK flag 2019-02-01 20:55:39 +01:00
bpf_lru_list.c
bpf_lru_list.h
btf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
cgroup.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
core.c Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-06 07:59:36 -08:00
cpumap.c xdp: fix cpumap redirect SKB creation bug 2019-03-29 12:15:02 -07:00
devmap.c
disasm.c bpf: disassembler support JMP32 2019-01-26 13:33:01 -08:00
disasm.h
hashtab.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-08 15:00:17 -08:00
helpers.c bpf: introduce BPF_F_LOCK flag 2019-02-01 20:55:39 +01:00
inode.c bpf: fix use after free in bpf_evict_inode 2019-03-26 01:38:49 +01:00
local_storage.c bpf: introduce BPF_F_LOCK flag 2019-02-01 20:55:39 +01:00
lpm_trie.c bpf, lpm: fix lookup bug in map_delete_elem 2019-02-22 16:17:53 +01:00
Makefile
map_in_map.c bpf: set inner_map_meta->spin_lock_off correctly 2019-02-27 17:03:13 -08:00
map_in_map.h
offload.c bpf: offload: add priv field for drivers 2019-02-12 17:07:09 +01:00
percpu_freelist.c bpf: fix lockdep false positive in percpu_freelist 2019-01-31 23:18:21 +01:00
percpu_freelist.h bpf: fix lockdep false positive in percpu_freelist 2019-01-31 23:18:21 +01:00
queue_stack_maps.c
reuseport_array.c
stackmap.c bpf: fix lockdep false positive in stackmap 2019-02-11 16:36:24 +01:00
syscall.c bpf: Try harder when allocating memory for large maps 2019-03-18 16:48:25 +01:00
tnum.c
verifier.c bpf: mark registers in all frames after pkt/null checks 2019-04-25 17:20:06 -07:00
xskmap.c