mbox series

[bpf,0/3] bpf: Fix missed var_off related to movsx in verifier

Message ID 20240615174621.3994321-1-yonghong.song@linux.dev (mailing list archive)
Headers show
Series bpf: Fix missed var_off related to movsx in verifier | expand

Message

Yonghong Song June 15, 2024, 5:46 p.m. UTC
Zac reported a verification issue ([1]) where verification unexpectedly succeeded.
This is due to missing proper var_off setting in verifier related to
movsx insn. I found another similar issue as well. This patch set fixed
both problems and added three inline asm tests to test these fixes.

  [1] https://lore.kernel.org/bpf/CAADnVQLPU0Shz7dWV4bn2BgtGdxN3uFHPeobGBA72tpg5Xoykw@mail.gmail.com/

Yonghong Song (3):
  bpf: Add missed var_off setting in set_sext32_default_val()
  bpf: Add missed var_off setting in coerce_subreg_to_size_sx()
  selftests/bpf: Add a few tests to cover

 kernel/bpf/verifier.c                         |  2 +
 .../selftests/bpf/progs/verifier_movsx.c      | 63 +++++++++++++++++++
 2 files changed, 65 insertions(+)

Comments

Eduard Zingerman June 17, 2024, 5:42 p.m. UTC | #1
On Sat, 2024-06-15 at 10:46 -0700, Yonghong Song wrote:
> Zac reported a verification issue ([1]) where verification unexpectedly succeeded.
> This is due to missing proper var_off setting in verifier related to
> movsx insn. I found another similar issue as well. This patch set fixed
> both problems and added three inline asm tests to test these fixes.
> 
>   [1] https://lore.kernel.org/bpf/CAADnVQLPU0Shz7dWV4bn2BgtGdxN3uFHPeobGBA72tpg5Xoykw@mail.gmail.com/
> 
> Yonghong Song (3):
>   bpf: Add missed var_off setting in set_sext32_default_val()
>   bpf: Add missed var_off setting in coerce_subreg_to_size_sx()
>   selftests/bpf: Add a few tests to cover

All looks good, tests cover both patches.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
patchwork-bot+netdevbpf@kernel.org June 17, 2024, 5:50 p.m. UTC | #2
Hello:

This series was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Sat, 15 Jun 2024 10:46:21 -0700 you wrote:
> Zac reported a verification issue ([1]) where verification unexpectedly succeeded.
> This is due to missing proper var_off setting in verifier related to
> movsx insn. I found another similar issue as well. This patch set fixed
> both problems and added three inline asm tests to test these fixes.
> 
>   [1] https://lore.kernel.org/bpf/CAADnVQLPU0Shz7dWV4bn2BgtGdxN3uFHPeobGBA72tpg5Xoykw@mail.gmail.com/
> 
> [...]

Here is the summary with links:
  - [bpf,1/3] bpf: Add missed var_off setting in set_sext32_default_val()
    https://git.kernel.org/bpf/bpf/c/380d5f89a481
  - [bpf,2/3] bpf: Add missed var_off setting in coerce_subreg_to_size_sx()
    https://git.kernel.org/bpf/bpf/c/44b7f7151dfc
  - [bpf,3/3] selftests/bpf: Add a few tests to cover
    https://git.kernel.org/bpf/bpf/c/a62293c33b05

You are awesome, thank you!