bpf: make reg_not_null() true for CONST_PTR_TO_MAP #9042
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
|
Upstream branch: cd2e103 |
|
Upstream branch: cd2e103 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
4bc77dd to
95c5ea2
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
810d3c3 to
8af34a9
Compare
|
Upstream branch: 7fdaba9 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
95c5ea2 to
b8de394
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
8af34a9 to
efe09e8
Compare
|
Upstream branch: 919319b |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
b8de394 to
e8bb226
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
efe09e8 to
ccbb215
Compare
|
Upstream branch: 97744b4 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
e8bb226 to
016ad84
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
ccbb215 to
de55d92
Compare
|
Upstream branch: a570f38 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
016ad84 to
ff5d226
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
de55d92 to
6d7073a
Compare
When reg->type is CONST_PTR_TO_MAP, it can not be null. However the verifier explores the branches under rX == 0 in check_cond_jmp_op() even if reg->type is CONST_PTR_TO_MAP, because it was not checked for in reg_not_null(). Fix this by adding CONST_PTR_TO_MAP to the set of types that are considered non nullable in reg_not_null(). An old "unpriv: cmp map pointer with zero" selftest fails with this change, because now early out correctly triggers in check_cond_jmp_op(), making the verification to pass. In practice verifier may allow pointer to null comparison in unpriv, since in many cases the relevant branch and comparison op are removed as dead code. So change the expected test result to __success_unpriv. Signed-off-by: Ihor Solodrai <[email protected]> Acked-by: Andrii Nakryiko <[email protected]>
Add a test for CONST_PTR_TO_MAP comparison with a non-0 constant. A BPF program with this code must not pass verification in unpriv. Signed-off-by: Ihor Solodrai <[email protected]>
A test requires the following to happen: * CONST_PTR_TO_MAP value is put on the stack * then this value is checked for null * the code in the null branch fails verification I was able to achieve this by using a stack allocated array of maps, populated with values from a global map. This is the first test case: map_ptr_is_never_null. The second test case (map_ptr_is_never_null_rb) involves an array of ringbufs and attempts to recreate a common coding pattern [1]. [1] https://lore.kernel.org/bpf/CAEf4BzZNU0gX_sQ8k8JaLe1e+Veth3Rk=4x7MDhv=hQxvO8EDw@mail.gmail.com/ Suggested-by: Andrii Nakryiko <[email protected]> Signed-off-by: Ihor Solodrai <[email protected]> Acked-by: Andrii Nakryiko <[email protected]>
|
Upstream branch: 64a064c |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/966056=>bpf-next
branch
from
ff5d226 to
ca2c2d4
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=968739 expired. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: make reg_not_null() true for CONST_PTR_TO_MAP
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=968449