[bpf,v1,0/2] Add missing size check for BTF-based ctx access

Message ID	20241212092050.3204165-1-memxor@gmail.com (mailing list archive)
Headers	show Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09E3820E330 for <bpf@vger.kernel.org>; Thu, 12 Dec 2024 09:20:57 +0000 (UTC) From: Kumar Kartikeya Dwivedi <memxor@gmail.com> To: bpf@vger.kernel.org Cc: kkd@meta.com, Alexei Starovoitov <ast@kernel.org>, Andrii Nakryiko <andrii@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Martin KaFai Lau <martin.lau@kernel.org>, Eduard Zingerman <eddyz87@gmail.com>, Robert Morris <rtm@mit.edu>, kernel-team@fb.com Subject: [PATCH bpf v1 0/2] Add missing size check for BTF-based ctx access Date: Thu, 12 Dec 2024 01:20:48 -0800 Message-ID: <20241212092050.3204165-1-memxor@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Add missing size check for BTF-based ctx access \| expand [bpf,v1,0/2] Add missing size check for BTF-based ctx access [bpf,v1,1/2] bpf: Check size for BTF-based ctx access of pointer members [bpf,v1,2/2] selftests/bpf: Add test for narrow ctx load for pointer args

Message ID

20241212092050.3204165-1-memxor@gmail.com (mailing list archive)

Headers

From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
To: bpf@vger.kernel.org
Cc: kkd@meta.com,
	Alexei Starovoitov <ast@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Martin KaFai Lau <martin.lau@kernel.org>,
	Eduard Zingerman <eddyz87@gmail.com>,
	Robert Morris <rtm@mit.edu>,
	kernel-team@fb.com
Subject: [PATCH bpf v1 0/2] Add missing size check for BTF-based ctx access
Date: Thu, 12 Dec 2024 01:20:48 -0800
Message-ID: <20241212092050.3204165-1-memxor@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Add missing size check for BTF-based ctx access | expand

Message

Kumar Kartikeya Dwivedi Dec. 12, 2024, 9:20 a.m. UTC

This set fixes a issue reported for tracing and struct ops programs
using btf_ctx_access for ctx checks, where loading a pointer argument
from the ctx doesn't enforce a BPF_DW access size check. The original
report is at link [0]. Also add a regression test along with the fix.

  [0]: https://lore.kernel.org/bpf/51338.1732985814@localhost

Kumar Kartikeya Dwivedi (2):
  bpf: Check size for BTF-based ctx access of pointer members
  selftests/bpf: Add test for narrow ctx load for pointer args

 kernel/bpf/btf.c                              |  6 +++
 .../bpf/progs/verifier_btf_ctx_access.c       | 40 ++++++++++++++++++-
 .../selftests/bpf/progs/verifier_d_path.c     |  4 +-
 3 files changed, 46 insertions(+), 4 deletions(-)


base-commit: 7d0d673627e20cfa3b21a829a896ce03b58a4f1c