Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2491046pxj; Mon, 10 May 2021 04:22:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFpuMqznjF7loVlTxwc2mVkzW5EPpF6oYlGeCnIYZyRffWFpWf3t/6Ly+sT2g2/4OhuxKm X-Received: by 2002:a17:907:3398:: with SMTP id zj24mr22388994ejb.354.1620645773762; Mon, 10 May 2021 04:22:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620645773; cv=none; d=google.com; s=arc-20160816; b=TrVMGNO5v72V9WZR0uZlqxpA3/rj/V3SY6fTqu/dO+6k8MuycjxNf8LFaSneuesJr9 jBXn8GCD1ahj5BcSdGcuk+XRg6jSdTmC9oJ4KdZ2MmXBgf2psC2Taqev9k+1GwB/pUtG JD8IlwnnHyBL6i2eAvt+a0WGsbf3cQQYLx+WQbWGZWqdHJyXaumrCq2B/hivvqwVeJPe /OsIMJlpCjdGTFHl9OIyK8gT2AcEf6Cfygct8hWciGe4xEyHj38nq7sCIEM+aaIi0tLC Y+DmSGZvJ2JSSXuR1TO2PBfuRTuEyCfUjaNwtm1637kUoNRMsEtX6pbXncUZSaCQ7CWe IUTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=LkBeJbzqdEeoCA1r2ewDOthizjAGAOXK6kg2Y2F3zKI=; b=qxt3oTr7y3dre2ku5Br5DwW9Vsb6sUJsjxvsTsTql3R9rzzG7QIVsBiuEfo7smCNqG IXKd5w/iBab1G11wLhGdpRdZIxYMxjXoCDDDxsZvm6VY9k2p4BNShnvgJ2b0Jmj3Y7IC d0+wJ/824esjZNJrVXzZQNR8ojZ9vosiePzuGtrm5TwKlwhj2Fz2hV0WKAz29u4GWgWT GZ9gIpMrmf9L2UJZYFLN23G8UfuSFNbRsK0S+a+OsXxQBZSZB4u1Rs97G7CMJvcGhKv7 LJA1xin6Fwi3aBrnyxIIaX3bi8JMUYRWXb3G5QkqP32utBiWrhcnOHRV66R6dj9DR4cw 9jvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aTTQRNNR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cw16si13606060ejb.337.2021.05.10.04.22.30; Mon, 10 May 2021 04:22:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aTTQRNNR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233831AbhEJLVk (ORCPT + 99 others); Mon, 10 May 2021 07:21:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:52744 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234149AbhEJKz7 (ORCPT ); Mon, 10 May 2021 06:55:59 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BAA9F61090; Mon, 10 May 2021 10:44:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620643456; bh=OIG8iDHZQYt5/XvM2OIwQwaHViY9KNUCyqdEwXHsQLc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aTTQRNNRwGy2Rf18jus5YqrHMrddcJwdAXtwPfEZrQdxwc8dZtqQxzETOTlD2EwMz +xLqkIocVx2EO8SlPKnBFTZqFHs2B9GDPXDbtAzfdE7gccaXLzbGB0Yx0AVZ/ah+Lk esmxwOzvP5jek6867cad4SWy39+sgmCi46aPdnEY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Heiko Carstens , Vasily Gorbik Subject: [PATCH 5.11 008/342] s390/disassembler: increase ebpf disasm buffer size Date: Mon, 10 May 2021 12:16:38 +0200 Message-Id: <20210510102010.380306522@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102010.096403571@linuxfoundation.org> References: <20210510102010.096403571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Vasily Gorbik commit 6f3353c2d2b3eb4de52e9704cb962712033db181 upstream. Current ebpf disassembly buffer size of 64 is too small. E.g. this line takes 65 bytes: 01fffff8005822e: ec8100ed8065\tclgrj\t%r8,%r1,8,001fffff80058408\n\0 Double the buffer size like it is done for the kernel disassembly buffer. Fixes the following KASAN finding: UG: KASAN: stack-out-of-bounds in print_fn_code+0x34c/0x380 Write of size 1 at addr 001fff800ad5f970 by task test_progs/853 CPU: 53 PID: 853 Comm: test_progs Not tainted 5.12.0-rc7-23786-g23457d86b1f0-dirty #19 Hardware name: IBM 3906 M04 704 (LPAR) Call Trace: [<0000000cd8e0538a>] show_stack+0x17a/0x1668 [<0000000cd8e2a5d8>] dump_stack+0x140/0x1b8 [<0000000cd8e16e74>] print_address_description.constprop.0+0x54/0x260 [<0000000cd75a8698>] kasan_report+0xc8/0x130 [<0000000cd6e26da4>] print_fn_code+0x34c/0x380 [<0000000cd6ea0f4e>] bpf_int_jit_compile+0xe3e/0xe58 [<0000000cd72c4c88>] bpf_prog_select_runtime+0x5b8/0x9c0 [<0000000cd72d1bf8>] bpf_prog_load+0xa78/0x19c0 [<0000000cd72d7ad6>] __do_sys_bpf.part.0+0x18e/0x768 [<0000000cd6e0f392>] do_syscall+0x12a/0x220 [<0000000cd8e333f8>] __do_syscall+0x98/0xc8 [<0000000cd8e54834>] system_call+0x6c/0x94 1 lock held by test_progs/853: #0: 0000000cd9bf7460 (report_lock){....}-{2:2}, at: kasan_report+0x96/0x130 addr 001fff800ad5f970 is located in stack of task test_progs/853 at offset 96 in frame: print_fn_code+0x0/0x380 this frame has 1 object: [32, 96) 'buffer' Memory state around the buggy address: 001fff800ad5f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 001fff800ad5f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >001fff800ad5f900: 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 f3 f3 ^ 001fff800ad5f980: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 001fff800ad5fa00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 Cc: Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik Signed-off-by: Heiko Carstens Signed-off-by: Greg Kroah-Hartman --- arch/s390/kernel/dis.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/s390/kernel/dis.c +++ b/arch/s390/kernel/dis.c @@ -563,7 +563,7 @@ void show_code(struct pt_regs *regs) void print_fn_code(unsigned char *code, unsigned long len) { - char buffer[64], *ptr; + char buffer[128], *ptr; int opsize, i; while (len) {