Yonghong Song 01c66c48d4 bpf: Fix an incorrect branch elimination by verifier
Wenbo reported an issue in [1] where a null pointer check
is evaluated as always false. In this particular
case, the program type is tp_btf and the pointer to
compare is a PTR_TO_BTF_ID.

The current verifier considers that PTR_TO_BTF_ID always
represents a non-null pointer, hence all PTR_TO_BTF_ID compares
to 0 will be evaluated as always not-equal, which resulted
in the branch elimination.

For example,
 #include <linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>   /* BPF_PROG() */

 struct bpf_fentry_test_t {
     struct bpf_fentry_test_t *a;
 };

 /* result variables, declared here so the snippet is complete */
 __u64 test7_result = 0;
 __u64 test8_result = 0;

 /* SEC()/attach target omitted, as in the original message */
 int BPF_PROG(test7, struct bpf_fentry_test_t *arg)
 {
     if (arg == 0)        /* arg is PTR_TO_BTF_ID: branch was eliminated */
         test7_result = 1;
     return 0;
 }

 int BPF_PROG(test8, struct bpf_fentry_test_t *arg)
 {
     if (arg->a == 0)     /* arg->a is PTR_TO_BTF_ID too: also eliminated */
         test8_result = 1;
     return 0;
 }

In the above bpf programs, both branches arg == 0 and arg->a == 0
are removed. This may not be what the developer expected.

The bug was introduced by Commit cac616db39 ("bpf: Verifier
track null pointer branch_taken with JNE and JEQ"),
where PTR_TO_BTF_ID is considered to be non-null when evaluating
a pointer vs. scalar comparison. This may have been added
considering we have PTR_TO_BTF_ID_OR_NULL in the verifier
as well.

PTR_TO_BTF_ID_OR_NULL was added to explicitly require
a non-NULL test in selective cases. The current generic
pointer tracing framework in the verifier always
assigns PTR_TO_BTF_ID so users do not need to
check for a NULL pointer at every pointer level like a->b->c->d.

We may not want to assign every PTR_TO_BTF_ID as
PTR_TO_BTF_ID_OR_NULL as this will require a null test
before pointer dereference, which may cause inconvenience
for developers. But we could avoid branch elimination
to preserve the original code intention.

This patch simply removes PTR_TO_BTF_ID from reg_type_not_null()
in the verifier, which prevents the above branches from being eliminated.

 [1]: https://lore.kernel.org/bpf/79dbb7c0-449d-83eb-5f4f-7af0cc269168@fb.com/T/

Fixes: cac616db39 ("bpf: Verifier track null pointer branch_taken with JNE and JEQ")
Reported-by: Wenbo Zhang <ethercflow@gmail.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200630171240.2523722-1-yhs@fb.com
2020-06-30 22:21:05 +02:00
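The mechanism the commit message describes can be modelled in a few lines of C. The block below is an added example written for this page, not kernel source: it reduces the verifier's is_branch_taken() handling of "pointer compared with an immediate" to a small function, with a `btf_id_not_null` flag (an assumption made for this example, not a kernel parameter) that switches between the pre-fix and post-fix contents of reg_type_not_null(). The enum and function names mirror the kernel's for readability; the register types listed, the `null_check_kept()` helper and the `main()` driver are simplifications made here.

```c
/* Added example, not kernel code: a reduced model of the verifier's
 * is_branch_taken() for "pointer <op> imm", before and after removing
 * PTR_TO_BTF_ID from reg_type_not_null(). Types, the btf_id_not_null
 * flag and null_check_kept() are simplifications for this example.
 */
#include <stdbool.h>
#include <stdio.h>

enum reg_type {
	SCALAR_VALUE,
	PTR_TO_MAP_VALUE,       /* already null-checked map value: non-NULL */
	PTR_TO_SOCKET,          /* already null-checked socket: non-NULL */
	PTR_TO_BTF_ID,          /* BTF-typed kernel object; the disputed case */
	PTR_TO_BTF_ID_OR_NULL,  /* explicitly requires a NULL test */
};

enum jmp_op { BPF_JEQ, BPF_JNE, BPF_JGT };

/* Which register types the verifier treats as provably non-NULL.
 * Before the fix PTR_TO_BTF_ID was in this list; the fix removes it. */
static bool reg_type_not_null(enum reg_type type, bool btf_id_not_null)
{
	return type == PTR_TO_SOCKET ||
	       type == PTR_TO_MAP_VALUE ||
	       (btf_id_not_null && type == PTR_TO_BTF_ID);
}

/* Model of is_branch_taken() for "reg <op> imm":
 * returns 1 if always taken, 0 if never taken, -1 if unknown.
 * Only -1 keeps both successor blocks alive; 0 or 1 lets the
 * verifier prune the dead side (the "branch elimination"). */
static int is_branch_taken(enum reg_type type, enum jmp_op op,
			   unsigned long long imm, bool btf_id_not_null)
{
	if (type == SCALAR_VALUE)
		return -1;  /* scalars use range tracking, not modelled here */
	if (!reg_type_not_null(type, btf_id_not_null))
		return -1;  /* might be NULL: both outcomes possible */
	if (imm != 0)
		return -1;  /* only comparisons against 0 are decided */
	switch (op) {
	case BPF_JEQ:
		return 0;   /* ptr == 0 can never be true for a non-NULL ptr */
	case BPF_JNE:
		return 1;   /* ptr != 0 is always true */
	default:
		return -1;
	}
}

/* Does the body of `if (reg == 0) ...` survive verification?
 * It is dropped only when the JEQ is proven never taken. */
static bool null_check_kept(enum reg_type type, bool btf_id_not_null)
{
	return is_branch_taken(type, BPF_JEQ, 0, btf_id_not_null) != 0;
}

int main(void)
{
	printf("arg == 0, PTR_TO_BTF_ID, before fix: body %s\n",
	       null_check_kept(PTR_TO_BTF_ID, true) ? "kept" : "eliminated");
	printf("arg == 0, PTR_TO_BTF_ID, after fix:  body %s\n",
	       null_check_kept(PTR_TO_BTF_ID, false) ? "kept" : "eliminated");
	printf("p == 0, PTR_TO_MAP_VALUE (unchanged): body %s\n",
	       null_check_kept(PTR_TO_MAP_VALUE, false) ? "kept" : "eliminated");
	return 0;
}
```

The point to take from the model is that the fix only changes branch pruning: with PTR_TO_BTF_ID out of reg_type_not_null() the comparison against 0 becomes "unknown" and both sides of `if (arg == 0)` are verified, while PTR_TO_MAP_VALUE and the socket types keep their non-NULL status and their `== 0` bodies are still eliminated. It does not make PTR_TO_BTF_ID require a NULL test before dereference; that remains the role of PTR_TO_BTF_ID_OR_NULL, exactly as the message states.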

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.