From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: kkd@meta.com, Tao Lyu, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Eduard Zingerman, Mathias Payer, Meng Xu, Sanidhya Kashyap
Subject: [PATCH bpf-next v3 1/5] bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
Date: Mon, 2 Dec 2024 00:38:10 -0800
Message-ID: <20241202083814.1888784-2-memxor@gmail.com>
In-Reply-To: <20241202083814.1888784-1-memxor@gmail.com>
References: <20241202083814.1888784-1-memxor@gmail.com>

Inside mark_stack_slot_misc, we should not upgrade STACK_INVALID to STACK_MISC when allow_ptr_leaks is false, since invalid contents shouldn't be read unless the program has the relevant capabilities.
The relaxation only makes sense when env->allow_ptr_leaks is true. However, such conversion in privileged mode becomes unnecessary, as invalid slots can be read without being upgraded to STACK_MISC. Currently, the condition is inverted (i.e. checking for true instead of false); simply remove it to restore correct behavior.

Fixes: eaf18febd6eb ("bpf: preserve STACK_ZERO slots on partial reg spills")
Reported-by: Tao Lyu
Signed-off-by: Kumar Kartikeya Dwivedi
Acked-by: Eduard Zingerman
Acked-by: Andrii Nakryiko
--- kernel/bpf/verifier.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1c4ebb326785..c6a5c431495c 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -1202,14 +1202,17 @@ static bool is_spilled_scalar_reg64(const struct bpf_stack_state *stack) /* Mark stack slot as STACK_MISC, unless it is already STACK_INVALID, in which * case they are equivalent, or it's STACK_ZERO, in which case we preserve * more precise STACK_ZERO. - * Note, in uprivileged mode leaving STACK_INVALID is wrong, so we take - * env->allow_ptr_leaks into account and force STACK_MISC, if necessary. + * Regardless of allow_ptr_leaks setting (i.e., privileged or unprivileged + * mode), we won't promote STACK_INVALID to STACK_MISC. In privileged case it is + * unnecessary as both are considered equivalent when loading data and pruning, + * in case of unprivileged mode it will be incorrect to allow reads of invalid + * slots. */ static void mark_stack_slot_misc(struct bpf_verifier_env *env, u8 *stype) { if (*stype == STACK_ZERO) return; - if (env->allow_ptr_leaks && *stype == STACK_INVALID) + if (*stype == STACK_INVALID) return; *stype = STACK_MISC; }
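
Review bot: In mark_stack_slot_misc(), env is no longer read once the allow_ptr_leaks test is dropped, so the parameter is dead; either remove it and update the callers, or say in the comment why the signature is kept. The retained opening sentence of the comment ("unless it is already STACK_INVALID, in which case they are equivalent") now sits next to new text saying the two are equivalent only in the privileged case, so it would read more accurately as "unless it is already STACK_INVALID, which is left as is".
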
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: kkd@meta.com, Eduard Zingerman, Tao Lyu, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Mathias Payer, Meng Xu, Sanidhya Kashyap
Subject: [PATCH bpf-next v3 2/5] bpf: Fix narrow scalar spill onto 64-bit spilled scalar slots
Date: Mon, 2 Dec 2024 00:38:11 -0800
Message-ID: <20241202083814.1888784-3-memxor@gmail.com>
In-Reply-To: <20241202083814.1888784-1-memxor@gmail.com>
References: <20241202083814.1888784-1-memxor@gmail.com>

From: Tao Lyu

When CAP_PERFMON and CAP_SYS_ADMIN (allow_ptr_leaks) are disabled, the verifier aims to reject partial overwrite on an 8-byte stack slot that contains a spilled pointer.

However, in such a scenario, it rejects all partial stack overwrites as long as the targeted stack slot is a spilled register, because it does not check if the stack slot is a spilled pointer.

Incomplete checks will result in the rejection of valid programs, which spill narrower scalar values onto scalar slots, as shown below.

0: R1=ctx() R10=fp0
; asm volatile ( @ repro.bpf.c:679
0: (7a) *(u64 *)(r10 -8) = 1 ; R10=fp0 fp-8_w=1
1: (62) *(u32 *)(r10 -8) = 1
attempt to corrupt spilled pointer on stack
processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0.

Fix this by expanding the check to not consider spilled scalar registers when rejecting the write into the stack.

Previous discussion on this patch is at link [0].

[0]: https://lore.kernel.org/bpf/20240403202409.2615469-1-tao.lyu@epfl.ch

Fixes: ab125ed3ec1c ("bpf: fix check for attempt to corrupt spilled pointer")
Acked-by: Eduard Zingerman
Signed-off-by: Tao Lyu
Signed-off-by: Kumar Kartikeya Dwivedi
Acked-by: Andrii Nakryiko
--- kernel/bpf/verifier.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index c6a5c431495c..51f7a846d719 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -4703,6 +4703,7 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env, */ if (!env->allow_ptr_leaks && is_spilled_reg(&state->stack[spi]) && + !is_spilled_scalar_reg(&state->stack[spi]) && size != BPF_REG_SIZE) { verbose(env, "attempt to corrupt spilled pointer on stack\n"); return -EACCES;
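
Review bot: In check_stack_write_fixed_off(), "spilled pointer" is now expressed as is_spilled_reg() && !is_spilled_scalar_reg(), and the comment that ends just above the condition should say that narrow writes over spilled scalars are deliberately let through when allow_ptr_leaks is false, since the error string still speaks only of pointers. A selftest built from the two-instruction reproducer in the commit message, expected to load in unprivileged mode, would keep this check from regressing in either direction.
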
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: kkd@meta.com, Eduard Zingerman, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Tao Lyu, Mathias Payer, Meng Xu, Sanidhya Kashyap
Subject: [PATCH bpf-next v3 3/5] selftests/bpf: Introduce __caps_unpriv annotation for tests
Date: Mon, 2 Dec 2024 00:38:12 -0800
Message-ID: <20241202083814.1888784-4-memxor@gmail.com>
In-Reply-To: <20241202083814.1888784-1-memxor@gmail.com>
References: <20241202083814.1888784-1-memxor@gmail.com>

From: Eduard Zingerman

Add a __caps_unpriv annotation so that tests requiring specific capabilities while dropping the rest can conveniently specify them during selftest declaration instead of munging with capabilities at runtime from the testing binary.

While at it, let us convert test_verifier_mtu to use this new support instead.

The original diff for this idea is available at link [0].

[0]: https://lore.kernel.org/bpf/a1e48f5d9ae133e19adc6adf27e19d585e06bab4.camel@gmail.com

Signed-off-by: Eduard Zingerman
[ Kartikeya: rebase on bpf-next, remove unnecessary bits, convert test_verifier_mtu ]
Signed-off-by: Kumar Kartikeya Dwivedi
--- .../selftests/bpf/prog_tests/verifier.c | 19 +-------- tools/testing/selftests/bpf/progs/bpf_misc.h | 2 + .../selftests/bpf/progs/verifier_mtu.c | 3 +- tools/testing/selftests/bpf/test_loader.c | 41 +++++++++++++++++++ 4 files changed, 46 insertions(+), 19 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index d9f65adb456b..3ee40ee9413a 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -225,24 +225,7 @@ void test_verifier_xdp(void) { RUN(verifier_xdp); } void test_verifier_xdp_direct_packet_access(void) { RUN(verifier_xdp_direct_packet_access); } void test_verifier_bits_iter(void) { RUN(verifier_bits_iter); } void test_verifier_lsm(void) { RUN(verifier_lsm); } - -void test_verifier_mtu(void) -{ - __u64 caps = 0; - int ret; - - /* In case CAP_BPF and CAP_PERFMON is not set */ - ret = cap_enable_effective(1ULL << CAP_BPF | 1ULL << CAP_NET_ADMIN, &caps); - if (!ASSERT_OK(ret, "set_cap_bpf_cap_net_admin")) - return; - ret = cap_disable_effective(1ULL << CAP_SYS_ADMIN | 1ULL << CAP_PERFMON, NULL); - if (!ASSERT_OK(ret, "disable_cap_sys_admin")) - goto restore_cap; - RUN(verifier_mtu); -restore_cap: - if (caps) - cap_enable_effective(caps, NULL); -} +void test_verifier_mtu(void) { RUN(verifier_mtu); } static int init_test_val_map(struct bpf_object *obj, char *map_name) { diff --git a/tools/testing/selftests/bpf/progs/bpf_misc.h b/tools/testing/selftests/bpf/progs/bpf_misc.h index eccaf955e394..cd9dd427a91d 100644 --- a/tools/testing/selftests/bpf/progs/bpf_misc.h +++ b/tools/testing/selftests/bpf/progs/bpf_misc.h @@ -106,6 +106,7 @@ * __arch_* Specify on which architecture the test case should be tested. * Several __arch_* annotations could be specified at once. * When test case is not run on current arch it is marked as skipped. + * __caps_unpriv Specify the capabilities that should be set when running the test */ #define __msg(msg) __attribute__((btf_decl_tag("comment:test_expect_msg=" XSTR(__COUNTER__) "=" msg))) #define __xlated(msg) __attribute__((btf_decl_tag("comment:test_expect_xlated=" XSTR(__COUNTER__) "=" msg))) 
@@ -129,6 +130,7 @@ #define __arch_x86_64 __arch("X86_64") #define __arch_arm64 __arch("ARM64") #define __arch_riscv64 __arch("RISCV64") +#define __caps_unpriv(caps) __attribute__((btf_decl_tag("comment:test_caps_unpriv=" XSTR(caps)))) /* Convenience macro for use with 'asm volatile' blocks */ #define __naked __attribute__((naked)) diff --git a/tools/testing/selftests/bpf/progs/verifier_mtu.c b/tools/testing/selftests/bpf/progs/verifier_mtu.c index 70c7600a26a0..88b1fa5f6030 100644 --- a/tools/testing/selftests/bpf/progs/verifier_mtu.c +++ b/tools/testing/selftests/bpf/progs/verifier_mtu.c @@ -6,7 +6,8 @@ SEC("tc/ingress") __description("uninit/mtu: write rejected") -__failure __msg("invalid indirect read from stack") +__success __failure_unpriv __msg_unpriv("invalid indirect read from stack") +__caps_unpriv(CAP_BPF) int tc_uninit_mtu(struct __sk_buff *ctx) { __u32 mtu; diff --git a/tools/testing/selftests/bpf/test_loader.c b/tools/testing/selftests/bpf/test_loader.c index 3e9b009580d4..d693e1fc6fa5 100644 --- a/tools/testing/selftests/bpf/test_loader.c +++ b/tools/testing/selftests/bpf/test_loader.c @@ -36,6 +36,7 @@ #define TEST_TAG_ARCH "comment:test_arch=" #define TEST_TAG_JITED_PFX "comment:test_jited=" #define TEST_TAG_JITED_PFX_UNPRIV "comment:test_jited_unpriv=" +#define TEST_TAG_CAPS_UNPRIV "comment:test_caps_unpriv=" /* Warning: duplicated in bpf_misc.h */ #define POINTER_VALUE 0xcafe4all @@ -74,6 +75,7 @@ struct test_subspec { struct expected_msgs jited; int retval; bool execute; + __u64 caps; }; struct test_spec { 
@@ -276,6 +278,33 @@ static int parse_int(const char *str, int *val, const char *name) return 0; } +static int parse_caps(const char *str, __u64 *val, const char *name) +{ + int cap_flag = 0; + char *token = NULL, *saveptr = NULL; + + char *str_cpy = strdup(str); + if (str_cpy == NULL) { + PRINT_FAIL("Memory allocation failed\n"); + return -EINVAL; + } + + token = strtok_r(str_cpy, "|", &saveptr); + while (token != NULL) { + errno = 0; + cap_flag = strtol(token, NULL, 10); + if (errno) { + PRINT_FAIL("failed to parse caps %s\n", name); + return -EINVAL; + } + *val |= (1ULL << cap_flag); + token = strtok_r(NULL, "|", &saveptr); + } + + free(str_cpy); + return 0; +} + static int parse_retval(const char *str, int *val, const char *name) { struct { @@ -541,6 +570,12 @@ static int parse_test_spec(struct test_loader *tester, jit_on_next_line = true; } else if (str_has_pfx(s, TEST_BTF_PATH)) { spec->btf_custom_path = s + sizeof(TEST_BTF_PATH) - 1; + } else if (str_has_pfx(s, TEST_TAG_CAPS_UNPRIV)) { + val = s + sizeof(TEST_TAG_CAPS_UNPRIV) - 1; + err = parse_caps(val, &spec->unpriv.caps, "test caps"); + if (err) + goto cleanup; + spec->mode_mask |= UNPRIV; } } 
@@ -917,6 +952,12 @@ void run_subtest(struct test_loader *tester, test__end_subtest(); return; } + if (subspec->caps) { + err = cap_enable_effective(subspec->caps, NULL); + if (err) + PRINT_FAIL("failed to set capabilities: %i, %s\n", err, strerror(err)); + goto subtest_cleanup; + } } /* Implicitly reset to NULL if next test case doesn't specify */
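
Review bot: In the verifier_mtu.c hunk, __caps_unpriv(CAP_BPF) names only CAP_BPF, while the test_verifier_mtu() body removed from prog_tests/verifier.c enabled CAP_BPF together with CAP_NET_ADMIN before running this tc/ingress program. If CAP_NET_ADMIN is still needed, list both in the annotation. The bpf_misc.h comment for __caps_unpriv should also document the '|'-separated form that parse_caps() accepts and that the tag sets UNPRIV in mode_mask.
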
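
Review bot: In parse_caps() in test_loader.c, the error return inside the strtok_r() loop skips free(str_cpy) and leaks the copy; route it through a common exit that frees it. strtol() is called with a NULL end pointer, so errno alone does not catch a token with no digits, which comes back as 0 and is indistinguishable from capability 0, and cap_flag is never range-checked before 1ULL << cap_flag, which is undefined for negative values and for 64 and above. Check the end pointer and reject values outside 0..63; the strdup() failure would also be better reported as -ENOMEM than -EINVAL.
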
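
Review bot: In the run_subtest() hunk of test_loader.c, the if (err) after cap_enable_effective() has no braces, so goto subtest_cleanup executes whenever subspec->caps is non-zero, including when the capabilities were set successfully, and every test using __caps_unpriv is abandoned at that point. Put the PRINT_FAIL() and the goto in one braced block so the jump happens only on error.
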
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: kkd@meta.com, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Eduard Zingerman, Tao Lyu, Mathias Payer, Meng Xu, Sanidhya Kashyap
Subject: [PATCH bpf-next v3 4/5] selftests/bpf: Add test for reading from STACK_INVALID slots
Date: Mon, 2 Dec 2024 00:38:13 -0800
Message-ID: <20241202083814.1888784-5-memxor@gmail.com>
In-Reply-To: <20241202083814.1888784-1-memxor@gmail.com>
References: <20241202083814.1888784-1-memxor@gmail.com>
X-Mailing-List: bpf@vger.kernel.org

Ensure that when CAP_PERFMON is dropped, and the verifier sees
allow_ptr_leaks as false, we are not permitted to read from a
STACK_INVALID slot. Without the fix, the test will report unexpected
success in loading.

Signed-off-by: Kumar Kartikeya Dwivedi Acked-by: Eduard Zingerman --- .../selftests/bpf/progs/verifier_spill_fill.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c index 671d9f415dbf..f5cd21326811 100644 --- a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c +++ b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c 
@@ -1244,4 +1244,21 @@ __naked void old_stack_misc_vs_cur_ctx_ptr(void) : __clobber_all); } +SEC("tc") +__description("stack_noperfmon: reject read of invalid slots") +__success __failure_unpriv __msg_unpriv("invalid read from stack off -8+1 size 8") +__caps_unpriv(CAP_BPF) +__naked void stack_noperfmon_reject_invalid_read(void) +{ + asm volatile (" \ + r2 = 1; \ + r6 = r10; \ + r6 += -8; \ + *(u8 *)(r6 + 0) = r2; \ + r2 = *(u64 *)(r6 + 0); \ + r0 = 0; \ + exit; \ +" ::: __clobber_all); +} + char _license[] SEC("license") = "GPL";
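
Review bot: the asm body of stack_noperfmon_reject_invalid_read has no comment saying why the 8-byte load must be rejected, so the expected string "invalid read from stack off -8+1 size 8" is hard to connect to the instructions. The store `*(u8 *)(r6 + 0) = r2;` initialises only the first byte at fp-8, and the load `r2 = *(u64 *)(r6 + 0);` then covers the seven bytes after it, which matches the +1 in the message; a short comment above the load stating this would help whoever next changes the message format. It is also worth a sentence in the commit message on why this test is SEC("tc") while the sibling test in 5/5 is SEC("socket"), since both carry __caps_unpriv(CAP_BPF) and the difference in program type is not explained.
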
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: kkd@meta.com, Eduard Zingerman, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Tao Lyu, Mathias Payer, Meng Xu, Sanidhya Kashyap
Subject: [PATCH bpf-next v3 5/5] selftests/bpf: Add test for narrow spill into 64-bit spilled scalar
Date: Mon, 2 Dec 2024 00:38:14 -0800
Message-ID: <20241202083814.1888784-6-memxor@gmail.com>
In-Reply-To: <20241202083814.1888784-1-memxor@gmail.com>
References: <20241202083814.1888784-1-memxor@gmail.com>
X-Mailing-List: bpf@vger.kernel.org

Add a test case to verify that without CAP_PERFMON, the test now
succeeds instead of failing due to a verification error.

Acked-by: Eduard Zingerman
Signed-off-by: Kumar Kartikeya Dwivedi --- .../selftests/bpf/progs/verifier_spill_fill.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c index f5cd21326811..83b5cd705ccd 100644 --- a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c +++ b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c @@ -1261,4 +1261,20 @@ __naked void stack_noperfmon_reject_invalid_read(void) " ::: __clobber_all); } +SEC("socket") +__description("stack_noperfmon: narrow spill onto 64-bit scalar spilled slots") +__success __success_unpriv +__caps_unpriv(CAP_BPF) +__naked void stack_noperfmon_spill_32bit_onto_64bit_slot(void) +{ + asm volatile(" \ + r0 = 0; \ + *(u64 *)(r10 - 8) = r0; \ + *(u32 *)(r10 - 8) = r0; \ + exit; \ +" : + : + : __clobber_all); +} + char _license[] SEC("license") = "GPL";
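
Review bot: in stack_noperfmon_spill_32bit_onto_64bit_slot, neither the test nor the commit message names the verification error this sequence used to hit without CAP_PERFMON; the message only says "a verification error". A one-line comment above `*(u32 *)(r10 - 8) = r0;` naming the previously rejected case (a 32-bit store over the slot just spilled by `*(u64 *)(r10 - 8) = r0;`) would make a regression easier to diagnose. On style, the operand and clobber list is spread over three lines here, while the test directly above it in the same file ends with `" ::: __clobber_all);`, and `asm volatile(` is written without the space that test uses; one form for both would read better.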