tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bpf: Ensure reg is PTR_TO_STACK in process_iter_arg

Browse Source 
BugLink: https://bugs.launchpad.net/bugs/2102118

[ Upstream commit 12659d28615d606b36e382f4de2dd05550d202af ]

Currently, KF_ARG_PTR_TO_ITER handling missed checking the reg->type and
ensuring it is PTR_TO_STACK. Instead of enforcing this in the caller of
process_iter_arg, move the check into it instead so that all callers
will gain the check by default. This is similar to process_dynptr_func.

An existing selftest in verifier_bits_iter.c fails due to this change,
but it's because it was passing a NULL pointer into iter_next helper and
getting an error further down the checks, but probably meant to pass an
uninitialized iterator on the stack (as is done in the subsequent test
below it). We will gain coverage for non-PTR_TO_STACK arguments in later
patches hence just change the declaration to zero-ed stack object.

Fixes: 06accc8779 ("bpf: add support for open-coded iterator loops")
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Tao Lyu <tao.lyu@epfl.ch>
[ Kartikeya: move check into process_iter_arg, rewrite commit log ]
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20241203000238.3602922-2-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[koichiroden: dropped changes for selftest code due to missing commit:
6ba7acdb93b4 ("selftests/bpf: Add selftest for bits iter"),
adjusted context due to missing commit:
baebe9aaba1e ("bpf: allow passing struct bpf_iter_<type> as kfunc arguments")]
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
This commit is contained in:
Tao Lyu
2025-03-12 22:51:00 +09:00
committed by Stefan Bader
parent cc1f1ad1d1
commit 14bef7cf4e
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
kernel/bpf/verifier.c
+5
View File
@@ -7749,6 +7749,11 @@ static int process_iter_arg(struct bpf_verifier_env *env, int regno, int insn_id
int spi, err, i, nr_slots;
u32 btf_id;
if (reg->type != PTR_TO_STACK) {
verbose(env, "arg#%d expected pointer to an iterator on stack\n", regno - 1);
return -EINVAL;
}
/* btf_check_iter_kfuncs() ensures we don't need to validate anything here */
arg = &btf_params(meta->func_proto)[0];
t = btf_type_skip_modifiers(meta->btf, arg->type, NULL); /* PTR */