Yonghong Song 185dca8755 bpf: Add missed var_off setting in set_sext32_default_val()
[ Upstream commit 380d5f89a4 ]

Zac reported a verification failure and Alexei reproduced the issue
with a simple reproducer ([1]). The verification failure is due to missed
setting for var_off.

The following is the reproducer in [1]:
  0: R1=ctx() R10=fp0
  0: (71) r3 = *(u8 *)(r10 -387)        ;
     R3_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff)) R10=fp0
  1: (bc) w7 = (s8)w3                   ;
     R3_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff))
     R7_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=127,var_off=(0x0; 0x7f))
  2: (36) if w7 >= 0x2533823b goto pc-3
     mark_precise: frame0: last_idx 2 first_idx 0 subseq_idx -1
     mark_precise: frame0: regs=r7 stack= before 1: (bc) w7 = (s8)w3
     mark_precise: frame0: regs=r3 stack= before 0: (71) r3 = *(u8 *)(r10 -387)
  2: R7_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=127,var_off=(0x0; 0x7f))
  3: (b4) w0 = 0                        ; R0_w=0
  4: (95) exit

Note that after insn 1, the var_off for R7 is (0x0; 0x7f). This is not correct
since upper 24 bits of w7 could be 0 or 1. So correct var_off should be
(0x0; 0xffffffff). Missing var_off setting in set_sext32_default_val() caused later
incorrect analysis in zext_32_to_64(dst_reg) and reg_bounds_sync(dst_reg).

To fix the issue, set var_off correctly in set_sext32_default_val(). The correct
reg state after insn 1 becomes:
  1: (bc) w7 = (s8)w3                   ;
     R3_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff))
     R7_w=scalar(smin=0,smax=umax=0xffffffff,smin32=-128,smax32=127,var_off=(0x0; 0xffffffff))
and at insn 2, the verifier correctly determines either branch is possible.

  [1] https://lore.kernel.org/bpf/CAADnVQLPU0Shz7dWV4bn2BgtGdxN3uFHPeobGBA72tpg5Xoykw@mail.gmail.com/

Fixes: 8100928c88 ("bpf: Support new sign-extension mov insns")
Reported-by: Zac Ecob <zacecob@protonmail.com>
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20240615174626.3994813-1-yonghong.song@linux.dev
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-05 09:33:45 +02:00
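To see why the stale var_off is unsound, here is a small C model of the register state after `w7 = (s8)w3`, added for this page and not the kernel's code: it sign-extends every byte R3 can hold and checks that the result is representable by R7's var_off, with and without the var_off assignment the fix adds. The struct and function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>

/* Tristate number (tnum) as in the BPF verifier: known bits in `value`, unknown bits in `mask`. */
struct tnum { uint64_t value; uint64_t mask; };

/* A concrete value c is represented by t iff all of c's known bits match. */
static bool tnum_contains(struct tnum t, uint64_t c)
{
	return (c & ~t.mask) == t.value;
}

/* The parts of a 32-bit subregister state that matter for `w7 = (s8)w3`. */
struct subreg_state {
	int32_t  s32_min, s32_max;
	uint32_t u32_min, u32_max;
	struct tnum var_off;
};

/* Default dst state for an 8-bit sign extension whose source does not fit in s8 (R3 is
 * 0..255 here). `set_var_off` models the one-line difference between the buggy and the
 * fixed set_sext32_default_val(); this is a model written for this example, not kernel code. */
static struct subreg_state sext8_default(struct subreg_state src, bool set_var_off)
{
	struct subreg_state dst = src;	/* without the fix, src's var_off is inherited */
	dst.s32_min = INT8_MIN;
	dst.s32_max = INT8_MAX;
	dst.u32_min = 0;
	dst.u32_max = UINT32_MAX;
	if (set_var_off)		/* upper 24 bits may be all-0 or all-1 */
		dst.var_off = (struct tnum){ .value = 0, .mask = 0xffffffff };
	return dst;
}

/* Soundness check: every byte the source admits must sign-extend to a value dst.var_off represents; returns the first offending byte or -1. */
static int first_unsound_byte(struct subreg_state src, struct subreg_state dst)
{
	for (uint32_t b = src.u32_min; b <= src.u32_max && b <= 0xff; b++) {
		uint32_t sext = (b & 0x80) ? (b | 0xffffff00u) : b;	/* w7 = (s8)w3 */
		if (!tnum_contains(dst.var_off, sext))
			return (int)b;
	}
	return -1;
}

/* R3 after `r3 = *(u8 *)(r10 -387)`: 0..255 with var_off=(0x0; 0xff). */
static int check_sext8_from_u8(bool set_var_off)
{
	struct subreg_state r3 = { 0, 255, 0, 255, { 0, 0xff } };
	return first_unsound_byte(r3, sext8_default(r3, set_var_off));
}
```

Without the fix the first byte with the sign bit set (0x80) is already missed by the inherited var_off, which is the gap the later zext_32_to_64() and reg_bounds_sync() then narrow into (0x0; 0x7f).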

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.