mbox series

[bpf,0/2] bpf: Fix out-of-bound issue when jit-ing bpf_pseudo_func

Message ID 20211106014007.650366-1-kafai@fb.com (mailing list archive)
Headers show
Series bpf: Fix out-of-bound issue when jit-ing bpf_pseudo_func | expand

Message

Martin KaFai Lau Nov. 6, 2021, 1:40 a.m. UTC 
This set fixes an out-of-bound access issue when jit-ing the
bpf_pseudo_func insn (i.e. ld_imm64 with src_reg == BPF_PSEUDO_FUNC)

Martin KaFai Lau (2):
  bpf: Stop caching subprog index in the bpf_pseudo_func insn
  bpf: selftest: Trigger a DCE on the whole subprog

 include/linux/bpf.h                           |  6 +++
 kernel/bpf/core.c                             |  7 ++++
 kernel/bpf/verifier.c                         | 37 +++++++------------
 .../bpf/progs/for_each_array_map_elem.c       | 12 ++++++
 4 files changed, 39 insertions(+), 23 deletions(-)

Comments

Alexei Starovoitov Nov. 6, 2021, 8:25 p.m. UTC | #1 
On Fri, Nov 5, 2021 at 6:40 PM Martin KaFai Lau <kafai@fb.com> wrote:
>
> This set fixes an out-of-bound access issue when jit-ing the
> bpf_pseudo_func insn (i.e. ld_imm64 with src_reg == BPF_PSEUDO_FUNC)
>
> Martin KaFai Lau (2):
>   bpf: Stop caching subprog index in the bpf_pseudo_func insn
>   bpf: selftest: Trigger a DCE on the whole subprog
>
>  include/linux/bpf.h                           |  6 +++
>  kernel/bpf/core.c                             |  7 ++++
>  kernel/bpf/verifier.c                         | 37 +++++++------------
>  .../bpf/progs/for_each_array_map_elem.c       | 12 ++++++
>  4 files changed, 39 insertions(+), 23 deletions(-)

Thanks!
Applied to bpf tree with
Reported-by: Yonatan Komornik <yoniko@gmail.com>