[v2,bpf-next,00/10] BPF verifier retval logic fixes

Message ID 20231129003620.1049610-1-andrii@kernel.org (mailing list archive)

Message

Andrii Nakryiko Nov. 29, 2023, 12:36 a.m. UTC
This patch set fixes BPF verifier logic around validating and enforcing return
values for BPF programs that have a specific range of expected return values.
Both sync and async callbacks have similar logic and are fixed as well.
A few tests are added that would fail without the fixes in this patch set.

Also, while at it, we update retval checking logic to use umin/umax range
instead of tnum, avoiding future potential issues if expected range cannot be
represented precisely by tnum (e.g., [0, 2] is not representable by tnum and
is treated as [0, 3]).

There is a little bit of refactoring to unify async callback and program exit
logic to avoid duplication of checks as much as possible.

v1->v2:
  - drop tnum from retval checks (Eduard);
  - use smin/smax instead of umin/umax (Alexei).

Andrii Nakryiko (10):
  bpf: provide correct register name for exception callback retval check
  bpf: enforce precision of R0 on callback return
  bpf: enforce exact retval range on subprog/callback exit
  selftests/bpf: add selftest validating callback result is enforced
  bpf: enforce precise retval range on program exit
  bpf: unify async callback and program retval checks
  bpf: enforce precision of R0 on program/async callback return
  selftests/bpf: validate async callback return value check correctness
  selftests/bpf: adjust global_func15 test to validate prog exit
    precision
  bpf: simplify tnum output if a fully known constant

 include/linux/bpf_verifier.h                  |   7 +-
 kernel/bpf/log.c                              |  13 ++
 kernel/bpf/tnum.c                             |   6 -
 kernel/bpf/verifier.c                         | 120 ++++++++++--------
 .../selftests/bpf/progs/exceptions_assert.c   |   2 +-
 .../selftests/bpf/progs/exceptions_fail.c     |   2 +-
 .../selftests/bpf/progs/test_global_func15.c  |  34 ++++-
 .../selftests/bpf/progs/timer_failure.c       |  36 ++++--
 .../selftests/bpf/progs/user_ringbuf_fail.c   |   2 +-
 .../bpf/progs/verifier_cgroup_inv_retcode.c   |   8 +-
 .../bpf/progs/verifier_direct_packet_access.c |   2 +-
 .../selftests/bpf/progs/verifier_int_ptr.c    |   2 +-
 .../bpf/progs/verifier_netfilter_retcode.c    |   2 +-
 .../selftests/bpf/progs/verifier_stack_ptr.c  |   4 +-
 .../bpf/progs/verifier_subprog_precision.c    |  50 ++++++++
 15 files changed, 211 insertions(+), 79 deletions(-)
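
The [0, 2] case from the cover letter above, as an added example (not code from the patch series): a user-space model of the tnum (value, mask) representation, with `tnum_range` and `tnum_in` written after the helpers of the same name in kernel/bpf/tnum.c. `fls64_model`, `retval_ok_tnum` and `retval_ok_range` are hypothetical names used only here, and the return value is assumed to be a known constant.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Tristate number: bits set in mask are unknown, all other bits equal value. */
struct tnum { uint64_t value, mask; };

/* Hypothetical helper: 1-based position of the highest set bit, 0 for x == 0. */
static int fls64_model(uint64_t x)
{
	int n = 0;
	while (x) { n++; x >>= 1; }
	return n;
}

/* Smallest tnum covering [min, max]: every bit at or below the highest
 * bit in which min and max differ becomes unknown. */
static struct tnum tnum_range(uint64_t min, uint64_t max)
{
	int bits = fls64_model(min ^ max);
	uint64_t delta;
	if (bits > 63)		/* 1ULL << 64 is undefined: fully unknown */
		return (struct tnum){ 0, UINT64_MAX };
	delta = (1ULL << bits) - 1;
	return (struct tnum){ min & ~delta, delta };
}

/* True when every value described by b is also described by a. */
static bool tnum_in(struct tnum a, struct tnum b)
{
	if (b.mask & ~a.mask)
		return false;
	return a.value == (b.value & ~a.mask);
}

/* Hypothetical: retval check through a tnum built from the expected range. */
static bool retval_ok_tnum(uint64_t lo, uint64_t hi, uint64_t retval)
{
	return tnum_in(tnum_range(lo, hi), (struct tnum){ retval, 0 });
}

/* Hypothetical: retval check on signed bounds (constant, so smin == smax). */
static bool retval_ok_range(int64_t lo, int64_t hi, int64_t retval)
{
	return retval >= lo && retval <= hi;
}

int main(void)
{
	for (int64_t r = -1; r <= 4; r++)
		printf("retval %2lld: tnum=%d range=%d\n", (long long)r,
		       retval_ok_tnum(0, 2, (uint64_t)r), retval_ok_range(0, 2, r));
	return 0;
}
```

For an expected range of [0, 2] the tnum is (value 0, mask 3), so a return value of 3 passes the tnum check and fails the signed-bounds check.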

Comments

Shung-Hsi Yu Nov. 29, 2023, 11:27 a.m. UTC | #1
On Tue, Nov 28, 2023 at 04:36:10PM -0800, Andrii Nakryiko wrote:
> This patch set fixes BPF verifier logic around validating and enforcing return
> values for BPF programs that have a specific range of expected return values.
> Both sync and async callbacks have similar logic and are fixed as well.
> A few tests are added that would fail without the fixes in this patch set.
> 
> Also, while at it, we update retval checking logic to use umin/umax range

Looks like this should be changed to smin/smax as well

> instead of tnum, avoiding future potential issues if expected range cannot be
> represented precisely by tnum (e.g., [0, 2] is not representable by tnum and
> is treated as [0, 3]).
> 
> There is a little bit of refactoring to unify async callback and program exit
> logic to avoid duplication of checks as much as possible.
> 
> v1->v2:
>   - drop tnum from retval checks (Eduard);
>   - use smin/smax instead of umin/umax (Alexei).

...

Andrii Nakryiko Nov. 29, 2023, 4:23 p.m. UTC | #2
On Wed, Nov 29, 2023 at 3:28 AM Shung-Hsi Yu <shung-hsi.yu@suse.com> wrote:
>
> On Tue, Nov 28, 2023 at 04:36:10PM -0800, Andrii Nakryiko wrote:
> > This patch set fixes BPF verifier logic around validating and enforcing return
> > values for BPF programs that have a specific range of expected return values.
> > Both sync and async callbacks have similar logic and are fixed as well.
> > A few tests are added that would fail without the fixes in this patch set.
> >
> > Also, while at it, we update retval checking logic to use umin/umax range
>
> Looks like this should be changed to smin/smax as well
>

yep, thanks, I fixed up a few more places where I missed umin/umax ->
smin/smax updates


> > instead of tnum, avoiding future potential issues if expected range cannot be
> > represented precisely by tnum (e.g., [0, 2] is not representable by tnum and
> > is treated as [0, 3]).
> >
> > There is a little bit of refactoring to unify async callback and program exit
> > logic to avoid duplication of checks as much as possible.
> >
> > v1->v2:
> >   - drop tnum from retval checks (Eduard);
> >   - use smin/smax instead of umin/umax (Alexei).
>
> ...