Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp2469869pxb; Mon, 19 Apr 2021 06:32:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMR2TG5pqZW8CZJDrZCODykHpuGUHErJlgl5G6NPe/zPi/7W26snmB5jDd4qthWBfO3Xdp X-Received: by 2002:a17:906:8293:: with SMTP id h19mr22031543ejx.217.1618839138924; Mon, 19 Apr 2021 06:32:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618839138; cv=none; d=google.com; s=arc-20160816; b=EXpJ65aCRoxi0I9bqXZ7Zet/d2YNvrsoosIn/OEMfYTdxbDVcORjZjNTSMFiqnGn96 Lnbh3hzHfRg1OXYzvLDLwWGIZ2wgPyFUok5XH/YPacniZiMYaRKT1bLf2Yhujzq9ky87 YBfKRklOWDs5r3QQ1e37xKl50HfK98kmNkpySiArwvh/Wmw3ITOY2QHrH6w664+1BQmx hrRwIoH9U3O84EA9O6+3Wc4Yy4R+vBjrBTxEoDKAvgf0uMRFmItLboJSBg737SsQG2iM aE4ohnZln6Shkcod9LMv9WF6bNEUADv5o0Qgf7m19WpGEWBg2gbQ7A6YPs/9WmjSF93t gD0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=S/3ToucTtC6+nGPRZ0yhF4zpJkP36MndPTjoaAqU0Jg=; b=SO7CRs8bL5ekKqRSNPsrnjFkwA/51TF8X8FkI17Ijtpo63PfGTNwHT6nHsGaG39Fvc klAqdpiYpWkwX42KKExbFQWN5oeTpiDuq898jo+DzeQ62vspQaI5jcbAEW97L4BzMSnn 49fqaA9zp8vx2d/fwBOeLjYBAmWH7qleUUiD93cooq+ck8FEVhGXlOcFvJA/g1YDtmIi g9Gjhp2tQ8FB2f53AQmigpXg0W9OhWUzpW52laF6Zv055A+8AoE/3OzMSKxPyyGuHaxs FI7ifN8aOVVioHEXxfXn/hp6hoG3kBQa1PSpoM/LxWTbVdUn6JuocSPkRGQ/Gann8Q8W QAlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="riwu4sp/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v5si12959134edi.582.2021.04.19.06.31.55; Mon, 19 Apr 2021 06:32:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="riwu4sp/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242970AbhDSNaX (ORCPT + 99 others); Mon, 19 Apr 2021 09:30:23 -0400 Received: from mail.kernel.org ([198.145.29.99]:54752 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240551AbhDSNVG (ORCPT ); Mon, 19 Apr 2021 09:21:06 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A7D7F61402; Mon, 19 Apr 2021 13:17:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1618838264; bh=BbvvEDkuJkx6lBz2MRZk27LZ40AkMZBpSawVksNP/gE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=riwu4sp/QVfO+hyB2rilbtGEnigiyOV5Csy6i9mDkH9i3aCHg1rc7JKQ8ZYHRAg2z 6rOlUi9e0vvLR9ovsqhzCnMN5qFdUCG6hXYVFgV50xb6rykt2DXCI1GkGqd++KuMyx Jcv7lHmgOzqm8fmRTi8vbbcmoivrqoNyqIU4+UpY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Borkmann , John Fastabend , Alexei Starovoitov Subject: [PATCH 5.10 101/103] bpf: Rework ptr_limit into alu_limit and add common error path Date: Mon, 19 Apr 2021 15:06:52 +0200 Message-Id: <20210419130531.249552898@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210419130527.791982064@linuxfoundation.org> References: <20210419130527.791982064@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Borkmann commit b658bbb844e28f1862867f37e8ca11a8e2aa94a3 upstream. Small refactor with no semantic changes in order to consolidate the max ptr_limit boundary check. Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov Signed-off-by: Greg Kroah-Hartman --- kernel/bpf/verifier.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5330,12 +5330,12 @@ static struct bpf_insn_aux_data *cur_aux static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, - u32 *ptr_limit, u8 opcode) + u32 *alu_limit, u8 opcode) { bool off_is_neg = off_reg->smin_value < 0; bool mask_to_left = (opcode == BPF_ADD && off_is_neg) || (opcode == BPF_SUB && !off_is_neg); - u32 off, max; + u32 off, max = 0, ptr_limit = 0; if (!tnum_is_const(off_reg->var_off) && (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) @@ -5352,22 +5352,27 @@ static int retrieve_ptr_limit(const stru */ off = ptr_reg->off + ptr_reg->var_off.value; if (mask_to_left) - *ptr_limit = MAX_BPF_STACK + off; + ptr_limit = MAX_BPF_STACK + off; else - *ptr_limit = -off - 1; - return *ptr_limit >= max ? -ERANGE : 0; + ptr_limit = -off - 1; + break; case PTR_TO_MAP_VALUE: max = ptr_reg->map_ptr->value_size; if (mask_to_left) { - *ptr_limit = ptr_reg->umax_value + ptr_reg->off; + ptr_limit = ptr_reg->umax_value + ptr_reg->off; } else { off = ptr_reg->smin_value + ptr_reg->off; - *ptr_limit = ptr_reg->map_ptr->value_size - off - 1; + ptr_limit = ptr_reg->map_ptr->value_size - off - 1; } - return *ptr_limit >= max ? -ERANGE : 0; + break; default: return -EINVAL; } + + if (ptr_limit >= max) + return -ERANGE; + *alu_limit = ptr_limit; + return 0; } static bool can_skip_alu_sanitation(const struct bpf_verifier_env *env,