From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Hou Tao, Alexei Starovoitov, Yonghong Song, Martin KaFai Lau, Sasha Levin
Subject: [PATCH 5.16 0233/1039] bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
Date: Mon, 24 Jan 2022 19:33:42 +0100
Message-Id: <20220124184133.145073433@linuxfoundation.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220124184125.121143506@linuxfoundation.org>
References: <20220124184125.121143506@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Hou Tao

[ Upstream commit 866de407444398bc8140ea70de1dba5f91cc34ac ]

BPF_LOG_KERNEL is only used internally, so disallow bpf_btf_load()
to set log level as BPF_LOG_KERNEL. The same checking has already
been done in bpf_check(), so factor out a helper to check the
validity of log attributes and use it in both places.

Fixes: 8580ac9404f6 ("bpf: Process in-kernel BTF")
Signed-off-by: Hou Tao
Signed-off-by: Alexei Starovoitov
Acked-by: Yonghong Song
Acked-by: Martin KaFai Lau
Link: https://lore.kernel.org/bpf/20211203053001.740945-1-houtao1@huawei.com
Signed-off-by: Sasha Levin

--- include/linux/bpf_verifier.h | 7 +++++++ kernel/bpf/btf.c | 3 +-- kernel/bpf/verifier.c | 6 +++--- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index c8a78e830fcab..182b16a910849 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h 
@@ -396,6 +396,13 @@ static inline bool bpf_verifier_log_needed(const struct bpf_verifier_log *log) log->level == BPF_LOG_KERNEL); } +static inline bool +bpf_verifier_log_attr_valid(const struct bpf_verifier_log *log) +{ + return log->len_total >= 128 && log->len_total <= UINT_MAX >> 2 && + log->level && log->ubuf && !(log->level & ~BPF_LOG_MASK); +} + #define BPF_MAX_SUBPROGS 256 struct bpf_subprog_info { diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 0cb1ceb91ca96..5e037070cb656 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -4460,8 +4460,7 @@ static struct btf *btf_parse(bpfptr_t btf_data, u32 btf_data_size, log->len_total = log_size; /* log attributes have to be sane */ - if (log->len_total < 128 || log->len_total > UINT_MAX >> 2 || - !log->level || !log->ubuf) { + if (!bpf_verifier_log_attr_valid(log)) { err = -EINVAL; goto errout; } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 4e51bf3f9603a..8ebabae31a431 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -13960,11 +13960,11 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr) log->ubuf = (char __user *) (unsigned long) attr->log_buf; log->len_total = attr->log_size; - ret = -EINVAL; /* log attributes have to be sane */ - if (log->len_total < 128 || log->len_total > UINT_MAX >> 2 || - !log->level || !log->ubuf || log->level & ~BPF_LOG_MASK) + if (!bpf_verifier_log_attr_valid(log)) { + ret = -EINVAL; goto err_unlock; + } } if (IS_ERR(btf_vmlinux)) { -- 2.34.1
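
Review bot: the new bpf_verifier_log_attr_valid() in include/linux/bpf_verifier.h has no comment, so the one condition that carries this patch's purpose, `!(log->level & ~BPF_LOG_MASK)`, reads like just another sanity bound. Suggest a short comment above the helper saying that user-supplied levels must stay within BPF_LOG_MASK, which is what keeps BPF_LOG_KERNEL kernel-internal, and consider naming the 128 and `UINT_MAX >> 2` limits on len_total instead of leaving them as bare literals.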
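
Review bot: the btf_parse() hunk in kernel/bpf/btf.c is the only place where behaviour changes, because the removed condition had no `~BPF_LOG_MASK` test and the helper adds one, yet the diffstat lists only the header and the two .c files, so nothing exercises the new rejection. Suggest adding a test that a BTF load with a log level outside BPF_LOG_MASK fails with -EINVAL, so the check cannot silently regress if the helper is later changed.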
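
Review bot: in the bpf_check() hunk of kernel/bpf/verifier.c, `ret = -EINVAL;` used to be assigned before the log check and is now assigned only inside the failure branch, so `ret` keeps whatever value it had earlier when the attributes are valid. The visible context ends at `if (IS_ERR(btf_vmlinux)) {`, so please confirm that every later error path sets `ret` explicitly and that none relied on the old pre-assignment.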