Hello:

This series was applied to bpf/bpf.git (master)
by Andrii Nakryiko <andrii@xxxxxxxxxx>:

On Wed, 16 Oct 2024 15:49:11 +0200 you wrote:
> Nathaniel reported a bug in the linked scalar delta tracking, which can lead
> to accepting a program with OOB access. The specific code is related to the
> sync_linked_regs() function and the BPF_ADD_CONST flag, which signifies a
> constant offset between two scalar registers tracked by the same register id.
>
> The verifier attempts to track "similar" scalars in order to propagate bounds
> information learned about one scalar to others. For instance, if r1 and r2
> are known to contain the same value, then upon encountering 'if (r1 != 0x1234)
> goto xyz', not only does it know that r1 is equal to 0x1234 on the path where
> that conditional jump is not taken, it also knows that r2 is.
>
> [...]

Here is the summary with links:
  - [bpf,1/3] bpf: Fix incorrect delta propagation between linked registers
    https://git.kernel.org/bpf/bpf/c/3878ae04e9fc
  - [bpf,2/3] bpf: Fix print_reg_state's constant scalar dump
    https://git.kernel.org/bpf/bpf/c/3e9e708757ca
  - [bpf,3/3] selftests/bpf: Add test case for delta propagation
    https://git.kernel.org/bpf/bpf/c/db123e42304d

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html