[PATCH 0/3] Fix truncation bug in coerce_reg_to_size_sx and extend selftests.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch series addresses a truncation bug in the eBPF verifier function
coerce_reg_to_size_sx(). The issue was caused by the incorrect ordering
of assignments between 32-bit and 64-bit min/max values, leading to
improper truncation when updating the register state. This issue has been
reported previously by Zac Ecob[1] , but was not followed up on.

The first patch fixes the assignment order in coerce_reg_to_size_sx()
to ensure correct truncation. The subsequent patches add selftests for
coerce_{reg,subreg}_to_size_sx.

[1] (https://lore.kernel.org/bpf/h3qKLDEO6m9nhif0eAQX4fVrqdO0D_OPb0y5HfMK9jBePEKK33wQ3K-bqSVnr0hiZdFZtSJOsbNkcEQGpv_yJk61PAAiO8fUkgMRSO-lB50=@protonmail.com/)

Dimitar Kanaliev (3):
  bpf: Fix truncation bug in coerce_reg_to_size_sx()
  selftests/bpf: Add test for truncation after sign extension in
    coerce_reg_to_size_sx()
  selftests/bpf: Add test for sign extension in
    coerce_subreg_to_size_sx()

 kernel/bpf/verifier.c                         |  8 ++--
 .../selftests/bpf/progs/verifier_movsx.c      | 40 +++++++++++++++++++
 2 files changed, 44 insertions(+), 4 deletions(-)

-- 
2.43.0





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux