Message ID | 20230428155035.530862-1-iii@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | BPF |
Series | [bpf-next] libbpf: Fix overflow detection when dumping bitfields | expand |
On 4/28/23 8:50 AM, Ilya Leoshkevich wrote: > btf_dump test fails on s390x with the following error: > > unexpected return value dumping fs_context: actual -7 != expected 280 > > This happens when processing the fs_context.phase member: its type size > is 4, but there are less bytes left until the end of the struct. The > problem is that btf_dump_type_data_check_overflow() does not handle > bitfields. > > Add bitfield support; make sure that byte boundaries, which are > computed from bit boundaries, are rounded up. Ilya, Martin has submitted a patch yesterday to fix the issue: https://lore.kernel.org/bpf/20230428013638.1581263-1-martin.lau@linux.dev/ > > Fixes: 920d16af9b42 ("libbpf: BTF dumper support for typed data") > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> > --- > tools/lib/bpf/btf_dump.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c > index 580985ee5545..f8b538e8d753 100644 > --- a/tools/lib/bpf/btf_dump.c > +++ b/tools/lib/bpf/btf_dump.c > @@ -2250,9 +2250,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d, > const struct btf_type *t, > __u32 id, > const void *data, > - __u8 bits_offset) > + __u8 bits_offset, > + __u8 bit_sz) > { > __s64 size = btf__resolve_size(d->btf, id); > + const void *end; > > if (size < 0 || size >= INT_MAX) { > pr_warn("unexpected size [%zu] for id [%u]\n", > @@ -2280,7 +2282,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d, > case BTF_KIND_PTR: > case BTF_KIND_ENUM: > case BTF_KIND_ENUM64: > - if (data + bits_offset / 8 + size > d->typed_dump->data_end) > + if (bit_sz) > + end = data + (bits_offset + bit_sz + 7) / 8; > + else > + end = data + (bits_offset + 7) / 8 + size; > + if (end > d->typed_dump->data_end) > return -E2BIG; > break; > default: 
> @@ -2407,7 +2413,7 @@ static int btf_dump_dump_type_data(struct btf_dump *d,
> {
> int size, err = 0;
> 
> - size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset);
> + size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset, bit_sz);
> if (size < 0)
> return size;
> err = btf_dump_type_data_check_zero(d, t, id, data, bits_offset, bit_sz);
diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index 580985ee5545..f8b538e8d753 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -2250,9 +2250,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
 const struct btf_type *t,
 __u32 id,
 const void *data,
- __u8 bits_offset)
+ __u8 bits_offset,
+ __u8 bit_sz)
 {
 __s64 size = btf__resolve_size(d->btf, id);
+ const void *end;
 
 if (size < 0 || size >= INT_MAX) {
 pr_warn("unexpected size [%zu] for id [%u]\n",
@@ -2280,7 +2282,11 @@ static int btf_dump_type_data_check_overflow(struct btf_dump *d,
 case BTF_KIND_PTR:
 case BTF_KIND_ENUM:
 case BTF_KIND_ENUM64:
- if (data + bits_offset / 8 + size > d->typed_dump->data_end)
+ if (bit_sz)
+ end = data + (bits_offset + bit_sz + 7) / 8;
+ else
+ end = data + (bits_offset + 7) / 8 + size;
+ if (end > d->typed_dump->data_end)
 return -E2BIG;
 break;
 default:
@@ -2407,7 +2413,7 @@ static int btf_dump_dump_type_data(struct btf_dump *d,
 {
 int size, err = 0;
 
- size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset);
+ size = btf_dump_type_data_check_overflow(d, t, id, data, bits_offset, bit_sz);
 if (size < 0)
 return size;
 err = btf_dump_type_data_check_zero(d, t, id, data, bits_offset, bit_sz);
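Review bot: The loosened bound in the second hunk, `end = data + (bits_offset + bit_sz + 7) / 8;`, only guarantees that the bits of the bitfield itself lie before `data_end`, not that the full `size` bytes of the underlying integer type do, so any code that later loads this member at its full type width would now be allowed to read past the buffer this check is meant to bound. The commit message states that the member's type size exceeds the bytes left in the struct, which is exactly the case where such a full-width load would overrun; the bitfield reader (outside this hunk) needs to be limited to the same `(bits_offset + bit_sz + 7) / 8` bytes, or the check should keep the type-width bound and the read be clamped instead. On the `else` path, `(bits_offset + 7) / 8` turns the old round-down into a round-up; if non-bitfield members always arrive with `bits_offset == 0` this is a no-op, and a comment such as `/* non-bitfield members are byte aligned, so bits_offset is expected to be 0 here */` would record that precondition. Both expressions operate on operands promoted to int, so the `__u8` arguments cannot wrap. The enclosing function begins in the first hunk and its switch continues past the end of the second.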
btf_dump test fails on s390x with the following error: unexpected return value dumping fs_context: actual -7 != expected 280 This happens when processing the fs_context.phase member: its type size is 4, but there are fewer bytes left until the end of the struct. The problem is that btf_dump_type_data_check_overflow() does not handle bitfields. Add bitfield support; make sure that byte boundaries, which are computed from bit boundaries, are rounded up. Fixes: 920d16af9b42 ("libbpf: BTF dumper support for typed data") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> --- tools/lib/bpf/btf_dump.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)