mirror_ubuntu-kernels/tools/lib/bpf
Ilya Leoshkevich 25c76ed428 libbpf: Fix unbounded memory access in bpf_usdt_arg()
Loading programs that use bpf_usdt_arg() on s390x fails with:

    ; if (arg_num >= BPF_USDT_MAX_ARG_CNT || arg_num >= spec->arg_cnt)
    128: (79) r1 = *(u64 *)(r10 -24)      ; frame1: R1_w=scalar(umax=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
    129: (25) if r1 > 0xb goto pc+83      ; frame1: R1_w=scalar(umax=11,var_off=(0x0; 0xf))
    ...
    ; arg_spec = &spec->args[arg_num];
    135: (79) r1 = *(u64 *)(r10 -24)      ; frame1: R1_w=scalar(umax=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0
    ...
    ; switch (arg_spec->arg_type) {
    139: (61) r1 = *(u32 *)(r2 +8)
    R2 unbounded memory access, make sure to bounds check any such access

The reason is that, even though the C code enforces that
arg_num < BPF_USDT_MAX_ARG_CNT, the verifier cannot propagate this
constraint to the arg_spec assignment yet. Help it by forcing r1 back
to stack after comparison.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Link: https://lore.kernel.org/r/20230128000650.1516334-23-iii@linux.ibm.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-28 12:45:14 -08:00
.gitignore libbpf: Make libbpf_version.h non-auto-generated 2021-09-13 15:36:47 -07:00
bpf_core_read.h libbpf: add bpf_core_type_matches() helper macro 2022-07-05 21:15:19 -07:00
bpf_endian.h libbpf: Make bpf_endian co-exist with vmlinux.h 2020-07-01 09:06:12 +02:00
bpf_gen_internal.h Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-12-10 15:56:13 -08:00
bpf_helpers.h libbpf: Simplify barrier_var() 2023-01-28 12:45:14 -08:00
bpf_prog_linfo.c libbpf: Streamline error reporting for high-level APIs 2021-05-25 17:32:35 -07:00
bpf_tracing.h libbpf: Clean up now not needed __PT_PARM{1-6}_SYSCALL_REG defaults 2023-01-23 20:53:01 +01:00
bpf.c libbpf: Introduce bpf_link_get_fd_by_id_opts() 2022-10-10 16:49:20 -07:00
bpf.h libbpf: Avoid enum forward-declarations in public API in C++ mode 2022-11-30 22:56:47 +01:00
btf_dump.c libbpf: Fix btf_dump's packed struct determination 2022-12-15 22:50:17 +01:00
btf.c libbpf: Return -ENODATA for missing btf section 2023-01-03 14:27:42 -08:00
btf.h libbpf: Don't require full struct enum64 in UAPI headers 2022-09-27 20:45:17 +02:00
Build libbpf: move xsk.{c,h} into selftests/bpf 2022-06-28 13:13:32 -07:00
gen_loader.c libbpf: fix an snprintf() overflow check 2022-07-19 10:47:31 -07:00
hashmap.c libbpf: Hashmap interface update to allow both long and void* keys/values 2022-11-09 20:45:14 -08:00
hashmap.h libbpf: Hashmap.h update to fix build issues using LLVM14 2022-11-11 10:24:23 -08:00
libbpf_common.h libbpf: cleanup LIBBPF_DEPRECATED_SINCE supporting macros for v0.x 2022-06-28 13:13:33 -07:00
libbpf_errno.c libbpf: Optimized return value in libbpf_strerror when errno is libbpf errno 2022-12-14 18:39:33 +01:00
libbpf_internal.h libbpf: Poison strlcpy() 2023-01-06 16:57:23 +01:00
libbpf_legacy.h libbpf: Clean up deprecated and legacy aliases 2022-08-17 22:42:56 +02:00
libbpf_probes.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
libbpf_version.h libbpf: start v1.2 development cycle 2022-12-21 11:18:50 -08:00
libbpf.c libbpf: Support sleepable struct_ops.s section 2023-01-25 10:25:57 -08:00
libbpf.h libbpf: Add documentation to map pinning API functions 2023-01-27 23:03:19 +01:00
libbpf.map libbpf: start v1.2 development cycle 2022-12-21 11:18:50 -08:00
libbpf.pc.template libbpf: Add zlib as a dependency in pkg-config template 2019-12-16 14:55:29 -08:00
linker.c libbpf: Add enum64 support for bpf linking 2022-06-07 10:20:43 -07:00
Makefile Merge remote-tracking branch 'torvalds/master' into perf/core 2022-12-16 09:53:53 -03:00
netlink.c libbpf: Streamline bpf_attr and perf_event_attr initialization 2022-08-17 22:42:10 +02:00
nlattr.c libbpf: Fix overrun in netlink attribute iteration 2022-09-30 15:16:22 -07:00
nlattr.h libbpf: Switch to void * casting in netlink helpers 2021-06-22 17:04:02 +02:00
relo_core.c bpf: Correctly propagate errors up from bpf_core_composites_match 2022-07-08 15:31:43 -07:00
relo_core.h bpf, libbpf: Add type match support 2022-07-05 21:14:25 -07:00
ringbuf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
skel_internal.h libbpf: add map_get_fd_by_id and map_delete_elem in light skeleton 2022-08-25 18:52:29 -07:00
str_error.c libbpf: Poison kernel-only integer types 2020-01-10 10:38:00 -08:00
str_error.h libbpf: relicense libbpf as LGPL-2.1 OR BSD-2-Clause 2018-10-08 10:09:48 +02:00
strset.c libbpf: Hashmap interface update to allow both long and void* keys/values 2022-11-09 20:45:14 -08:00
strset.h libbpf: Extract internal set-of-strings datastructure APIs 2021-03-18 16:14:22 -07:00
usdt.bpf.h libbpf: Fix unbounded memory access in bpf_usdt_arg() 2023-01-28 12:45:14 -08:00
usdt.c libbpf: Parse usdt args without offset on x86 (e.g. 8@(%rsp)) 2022-12-06 16:16:50 -08:00