Received: by 2002:a05:6a10:a852:0:0:0:0 with SMTP id d18csp379054pxy; Fri, 30 Apr 2021 07:23:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxptA093uigTeJmW7dDNuyLwYkqBS4VKe2uBZGZb9+ajHbkDUjFA6kEfvDRvbyo1Xl1jfE5 X-Received: by 2002:aa7:85d6:0:b029:27f:df55:25fd with SMTP id z22-20020aa785d60000b029027fdf5525fdmr4963067pfn.34.1619792581369; Fri, 30 Apr 2021 07:23:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619792581; cv=none; d=google.com; s=arc-20160816; b=jhOJ4SZ0xvxDb2C7Cgwzf10s4PfZWHL4V55V7kTUITSLDWDCAYlM7gqFp64xrCUhcs 4+dKmGLQ9OvjKlwLGPRzrK4L2jll7Pc8BCAavUB0LyGe6X2zT1Zk1j6kQuhKSwpUM4DI tY2rH7Xg5dOOD0NQN8AUjwvruBE1Q8ybTnHx/cL4nU3gdOrOPDf8v97aTaW4a/a0+hcc 7TPrzqJso3XXrSKyHCCgSYVBlzkbZX5HS+k4d+66jmHFsYWMmQuh/RFClESk/gAUZGIb XZFV67QPwG+0glK4NZAdagseQmUGs72ETC//EtQdWisDqsr7wXywHtDSmEOOuFmF13o0 uKtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=tuyLVO/3tg536nMkLTYIoFtdNBg8dKB8PrR3MtoK10g=; b=fwVF+Q6oe7TTKm1JopOzVH97fNSTt4i38NN19xTwBiOH70724GAQOAn1Apu0JdeN1d LpJtlfJg/j8XTA8webo77AI8f4ZVlxOx5cs54FbsKuEsr6vEFKwH/jfNHAlUTLtKMJMZ w/DVoWL89MeFMVctL5d5bIQjjiS7pbZvIylIrjiLsEzYzXQNYuJf1NjrqUnJFRwIRZEs GUVWkid3y0O99O9ijx3Bhv93zET81x49CiK4bxUSPj0rGvNOzPLkpHyrhR4XnhWQGQpm cxx/7QYGZhVSmj3NhriRBDVLmrrVbliCbCOALB37ejy00JDkxQM7CmC5/ZRIU/am61dZ ZLFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PuQCRvzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r19si4884674pgj.144.2021.04.30.07.22.36; Fri, 30 Apr 2021 07:23:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=PuQCRvzC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232793AbhD3OVZ (ORCPT + 99 others); Fri, 30 Apr 2021 10:21:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:57496 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232733AbhD3OVY (ORCPT ); Fri, 30 Apr 2021 10:21:24 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 332CE61474; Fri, 30 Apr 2021 14:20:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1619792435; bh=chSn0igrfso4Dcmj3/WZkR8AP/DG4nT04Qmc3P60n/k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PuQCRvzCJ4qwWNL78CplGmrKBs6xcxT0YB/callabMa0ldbqMv2KpR6JRJdSDX0pK l2Hlw+ifwEEIIzbbVK+TNtca+iJ9PYQC26CAh6vLqubDp9nARgEvxg0GIyEbVmzF1+ RS1Y9xkr6J7nCJQg2Vt7bxw8Mj+XFR+Xa6/8i17s= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Greg Kroah-Hartman , bpf@vger.kernel.org, Daniel Borkmann , John Fastabend , Alexei Starovoitov Subject: [PATCH 5.4 3/8] bpf: Rework ptr_limit into alu_limit and add common error path Date: Fri, 30 Apr 2021 16:20:17 +0200 Message-Id: <20210430141911.256507736@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210430141911.137473863@linuxfoundation.org> References: <20210430141911.137473863@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Borkmann commit b658bbb844e28f1862867f37e8ca11a8e2aa94a3 upstream. Small refactor with no semantic changes in order to consolidate the max ptr_limit boundary check. Signed-off-by: Daniel Borkmann Reviewed-by: John Fastabend Acked-by: Alexei Starovoitov Signed-off-by: Greg Kroah-Hartman --- kernel/bpf/verifier.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4265,12 +4265,12 @@ static struct bpf_insn_aux_data *cur_aux static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg, - u32 *ptr_limit, u8 opcode) + u32 *alu_limit, u8 opcode) { bool off_is_neg = off_reg->smin_value < 0; bool mask_to_left = (opcode == BPF_ADD && off_is_neg) || (opcode == BPF_SUB && !off_is_neg); - u32 off, max; + u32 off, max = 0, ptr_limit = 0; if (!tnum_is_const(off_reg->var_off) && (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) @@ -4287,22 +4287,27 @@ static int retrieve_ptr_limit(const stru */ off = ptr_reg->off + ptr_reg->var_off.value; if (mask_to_left) - *ptr_limit = MAX_BPF_STACK + off; + ptr_limit = MAX_BPF_STACK + off; else - *ptr_limit = -off - 1; - return *ptr_limit >= max ? -ERANGE : 0; + ptr_limit = -off - 1; + break; case PTR_TO_MAP_VALUE: max = ptr_reg->map_ptr->value_size; if (mask_to_left) { - *ptr_limit = ptr_reg->umax_value + ptr_reg->off; + ptr_limit = ptr_reg->umax_value + ptr_reg->off; } else { off = ptr_reg->smin_value + ptr_reg->off; - *ptr_limit = ptr_reg->map_ptr->value_size - off - 1; + ptr_limit = ptr_reg->map_ptr->value_size - off - 1; } - return *ptr_limit >= max ? -ERANGE : 0; + break; default: return -EINVAL; } + + if (ptr_limit >= max) + return -ERANGE; + *alu_limit = ptr_limit; + return 0; } static bool can_skip_alu_sanitation(const struct bpf_verifier_env *env,