From patchwork Wed Nov 29 00:36:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrii Nakryiko X-Patchwork-Id: 13471995 X-Patchwork-Delegate: bpf@iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=none Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2E0B1998 for ; Tue, 28 Nov 2023 16:36:42 -0800 (PST) Received: from pps.filterd (m0109334.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3ASIXjju018659 for ; Tue, 28 Nov 2023 16:36:42 -0800 Received: from mail.thefacebook.com ([163.114.132.120]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3unnkgj96a-20 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Tue, 28 Nov 2023 16:36:42 -0800 Received: from twshared4634.37.frc1.facebook.com (2620:10d:c085:208::11) by mail.thefacebook.com (2620:10d:c085:11d::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Tue, 28 Nov 2023 16:36:37 -0800 Received: by devbig019.vll3.facebook.com (Postfix, from userid 137359) id 964B63C47F961; Tue, 28 Nov 2023 16:36:36 -0800 (PST) From: Andrii Nakryiko To: , , , CC: , , Eduard Zingerman Subject: [PATCH v2 bpf-next 07/10] bpf: enforce precision of R0 on program/async callback return Date: Tue, 28 Nov 2023 16:36:17 -0800 Message-ID: <20231129003620.1049610-8-andrii@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231129003620.1049610-1-andrii@kernel.org> References: <20231129003620.1049610-1-andrii@kernel.org> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-FB-Internal: Safe X-Proofpoint-GUID: BnrMCUT1XqK5LdQEkLhWmDVk3qDCBnH7 X-Proofpoint-ORIG-GUID: BnrMCUT1XqK5LdQEkLhWmDVk3qDCBnH7 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.997,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2023-11-28_26,2023-11-27_01,2023-05-22_02 X-Patchwork-Delegate: bpf@iogearbox.net Given we enforce a valid range for program and async callback return value, we must mark R0 as precise to avoid incorrect state pruning. Acked-by: Eduard Zingerman Signed-off-by: Andrii Nakryiko --- kernel/bpf/verifier.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 576d4250ea59..484756c82baa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -15138,6 +15138,10 @@ static int check_return_code(struct bpf_verifier_env *env, int regno, const char return -EINVAL; } + err = mark_chain_precision(env, regno); + if (err) + return err; + if (!retval_range_within(range, reg)) { verbose_invalid_scalar(env, reg, range, exit_ctx, reg_name); if (!is_subprog &&