authorAlexei Starovoitov <ast@kernel.org>2022-03-05 15:29:36 -0800
committerAlexei Starovoitov <ast@kernel.org>2022-03-05 15:29:45 -0800
commit401af75c4975759d45c3627a7588351b4ab3e2a8 (patch)
treef0b594982bfae3c0e046bcca8e4a9313fc0d35dc /include
parentcaec549534823d8d0fad43ab6753fd03ddb1c456 (diff)
parent8218ccb5bd68976ed5d75028ef50c13a857eee25 (diff)
Merge branch 'Fixes for bad PTR_TO_BTF_ID offset'
Kumar Kartikeya Dwivedi says: ==================== This set fixes a bug related to bad var_off being permitted for kfunc call in case of PTR_TO_BTF_ID, consolidates offset checks for all register types allowed as helper or kfunc arguments into a common shared helper, and introduces a couple of other checks to harden the kfunc release logic and prevent future bugs. Some selftests are also included that fail in absence of these fixes, serving as demonstration of the issues being fixed. Changelog: ---------- v3 -> v4: v3: https://lore.kernel.org/bpf/20220304000508.2904128-1-memxor@gmail.com * Update commit message for __diag patch to say clang instead of LLVM (Nathan) * Address nits for check_func_arg_reg_off (Martin) * Add comment for fixed_off_ok case, remove is_kfunc check (Martin) v2 -> v3: v2: https://lore.kernel.org/bpf/20220303045029.2645297-1-memxor@gmail.com * Add my SoB to __diag for clang patch (Nathan) v1 -> v2: v1: https://lore.kernel.org/bpf/20220301065745.1634848-1-memxor@gmail.com * Put reg->off check for release kfunc inside check_func_arg_reg_off, make the check a bit more readable * Squash verifier selftests errstr update into patch 3 for bisect (Alexei) * Include fix from Nathan for clang warning about missing prototypes * Add unified __diag_ignore_all that works for both GCC/LLVM (Alexei) Older discussion: Link: https://lore.kernel.org/bpf/20220219113744.1852259-1-memxor@gmail.com Kumar Kartikeya Dwivedi (7): bpf: Add check_func_arg_reg_off function bpf: Fix PTR_TO_BTF_ID var_off check bpf: Disallow negative offset in check_ptr_off_reg bpf: Harden register offset checks for release helpers and kfuncs compiler_types.h: Add unified __diag_ignore_all for GCC/LLVM bpf: Replace __diag_ignore with unified __diag_ignore_all selftests/bpf: Add tests for kfunc register offset checks ==================== Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/bpf_verifier.h4
-rw-r--r--include/linux/compiler-clang.h25
-rw-r--r--include/linux/compiler-gcc.h3
-rw-r--r--include/linux/compiler_types.h4
4 files changed, 36 insertions, 0 deletions
diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 7a7be8c057f2..c1fc4af47f69 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -521,6 +521,10 @@ bpf_prog_offload_remove_insns(struct bpf_verifier_env *env, u32 off, u32 cnt);
int check_ptr_off_reg(struct bpf_verifier_env *env,
const struct bpf_reg_state *reg, int regno);
+int check_func_arg_reg_off(struct bpf_verifier_env *env,
+ const struct bpf_reg_state *reg, int regno,
+ enum bpf_arg_type arg_type,
+ bool is_release_func);
int check_kfunc_mem_size_reg(struct bpf_verifier_env *env, struct bpf_reg_state *reg,
u32 regno);
int check_mem_reg(struct bpf_verifier_env *env, struct bpf_reg_state *reg,
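Review bot: The new `check_func_arg_reg_off()` prototype has no comment, and its trailing `bool is_release_func` is a bare flag that is easy to pass wrongly at a call site. Going by the merge description, this helper is where the register-offset checks for helper and kfunc arguments are consolidated, and where the `reg->off` check for release kfuncs lives. A short comment above the declaration would make that contract visible, for example `/* Shared offset check for helper/kfunc argument registers; is_release_func selects the stricter reg->off check applied to release functions. */`. The definition is not part of this include-only view, so the wording should be confirmed against it; the hunk also ends inside the following `check_mem_reg` declaration.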
diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h
index 3c4de9b6c6e3..babb1347148c 100644
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@@ -68,3 +68,28 @@
#define __nocfi __attribute__((__no_sanitize__("cfi")))
#define __cficanonical __attribute__((__cfi_canonical_jump_table__))
+
+/*
+ * Turn individual warnings and errors on and off locally, depending
+ * on version.
+ */
+#define __diag_clang(version, severity, s) \
+ __diag_clang_ ## version(__diag_clang_ ## severity s)
+
+/* Severity used in pragma directives */
+#define __diag_clang_ignore ignored
+#define __diag_clang_warn warning
+#define __diag_clang_error error
+
+#define __diag_str1(s) #s
+#define __diag_str(s) __diag_str1(s)
+#define __diag(s) _Pragma(__diag_str(clang diagnostic s))
+
+#if CONFIG_CLANG_VERSION >= 110000
+#define __diag_clang_11(s) __diag(s)
+#else
+#define __diag_clang_11(s)
+#endif
+
+#define __diag_ignore_all(option, comment) \
+ __diag_clang(11, ignore, option)
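Review bot: `__diag_ignore_all()` expands to a bare `clang diagnostic ignored` pragma with no push or pop of its own. A use that is not bracketed by `__diag_push()`/`__diag_pop()` would therefore leave the warning disabled for the rest of the translation unit, and nothing in the added comment says so. The comment should also say that the `comment` argument is discarded and that the macro expands to nothing when `CONFIG_CLANG_VERSION` is below 110000, so the suppression silently does not apply there. A line above the definition would cover it: `/* Use only between __diag_push() and __diag_pop(); 'comment' is documentation only; no-op before clang 11. */`. The same note applies to the GCC definition added in compiler-gcc.h, which appears to be a no-op before GCC 8, judging by the empty `__diag_GCC_8(s)` branch shown as context there.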
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
index ccbbd31b3aae..d364c98a4a80 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -151,6 +151,9 @@
#define __diag_GCC_8(s)
#endif
+#define __diag_ignore_all(option, comment) \
+ __diag_GCC(8, ignore, option)
+
/*
* Prior to 9.1, -Wno-alloc-size-larger-than (and therefore the "alloc_size"
* attribute) do not work, and must be disabled.
diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
index 3f31ff400432..8e5d2f50f951 100644
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -371,4 +371,8 @@ struct ftrace_likely_data {
#define __diag_error(compiler, version, option, comment) \
__diag_ ## compiler(version, error, option)
+#ifndef __diag_ignore_all
+#define __diag_ignore_all(option, comment)
+#endif
+
#endif /* __LINUX_COMPILER_TYPES_H */
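Review bot: The empty fallback for `__diag_ignore_all` is added without a comment, and the name is easy to misread as "ignore all warnings". Judging by the clang and GCC definitions in this commit, "all" refers to the supported compilers, not the warnings. A one-line comment above the `#ifndef` would remove the ambiguity, for example `/* Ignore 'option' on every compiler that provides __diag support; expands to nothing elsewhere. */`. It would also help to state that the fallback relies on the compiler-specific header having been included earlier in this file, which is not visible in the hunk.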