This set fixes a bug related to bad var_off being permitted for kfunc call in
case of PTR_TO_BTF_ID, consolidates offset checks for all register types
allowed as helper or kfunc arguments into a common shared helper, and
introduces a couple of other checks to harden the kfunc release logic and
prevent future bugs. Some selftests are also included that fail in absence of
these fixes, serving as demonstration of the issues being fixed.

Changelog:
----------
v1 -> v2:
v1: https://lore.kernel.org/bpf/20220301065745.1634848-1-memxor@xxxxxxxxx

 * Put reg->off check for release kfunc inside check_func_arg_reg_off, make
   the check a bit more readable
 * Squash verifier selftests errstr update into patch 3 for bisect (Alexei)
 * Include fix from Nathan for clang warning about missing prototypes
 * Add unified __diag_ignore_all that works for both GCC/LLVM (Alexei)

Older discussion:
Link: https://lore.kernel.org/bpf/20220219113744.1852259-1-memxor@xxxxxxxxx

Kumar Kartikeya Dwivedi (7):
  bpf: Add check_func_arg_reg_off function
  bpf: Fix PTR_TO_BTF_ID var_off check
  bpf: Disallow negative offset in check_ptr_off_reg
  bpf: Harden register offset checks for release helpers and kfuncs
  compiler_types.h: Add unified __diag_ignore_all for GCC/LLVM
  bpf: Replace __diag_ignore with unified __diag_ignore_all
  selftests/bpf: Add tests for kfunc register offset checks

Nathan Chancellor (1):
  compiler-clang.h: Add __diag infrastructure for clang

 include/linux/bpf_verifier.h                           |  4 +
 include/linux/compiler-clang.h                         | 25 +++++
 include/linux/compiler-gcc.h                           |  3 +
 include/linux/compiler_types.h                         |  4 +
 kernel/bpf/btf.c                                       | 20 ++--
 kernel/bpf/verifier.c                                  | 94 +++++++++++++------
 net/bpf/test_run.c                                     | 15 ++-
 net/netfilter/nf_conntrack_bpf.c                       |  5 +-
 .../selftests/bpf/verifier/bounds_deduction.c          |  2 +-
 tools/testing/selftests/bpf/verifier/calls.c           | 83 ++++++++++++++++
 tools/testing/selftests/bpf/verifier/ctx.c             |  8 +-
 11 files changed, 220 insertions(+), 43 deletions(-)

-- 
2.35.1
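
Added example, not part of the original posting and not the kernel's code: a simplified userspace C model of the register offset rules the cover letter names (no negative fixed offset, no non-zero or unknown var_off, zero offset for a release call). The struct layouts, the function names check_ptr_off and check_arg_reg_off, the two register types and the error codes are assumptions made for illustration.

```c
/* Added example: simplified userspace model, not the kernel's code. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Tracked number: bits set in mask are unknown, value holds the known bits. */
struct tnum { uint64_t value, mask; };
enum reg_type { PTR_TO_BTF_ID, PTR_TO_CTX };  /* subset, for illustration */
struct reg_state {
	enum reg_type type;
	int32_t off;          /* fixed offset added to the pointer */
	struct tnum var_off;  /* variable offset, known only as a tnum */
};

/* Model of the shared pointer-offset check (error codes are assumptions). */
static int check_ptr_off(const struct reg_state *reg, bool fixed_off_ok)
{
	if (reg->off < 0)
		return -EACCES;  /* negative fixed offset */
	if (!fixed_off_ok && reg->off)
		return -EACCES;  /* modified pointer where none is allowed */
	if (reg->var_off.mask || reg->var_off.value)
		return -EACCES;  /* var_off unknown, or a nonzero constant */
	return 0;
}

/* Model of the per-argument check done for a helper or kfunc call. */
static int check_arg_reg_off(const struct reg_state *reg, bool is_release)
{
	bool fixed_off_ok = (reg->type == PTR_TO_BTF_ID);

	if (is_release && reg->off)
		return -EINVAL;  /* release must see the pointer it acquired */
	return check_ptr_off(reg, fixed_off_ok);
}

int main(void)
{
	/* Constructed register states. */
	struct reg_state fixed = { PTR_TO_BTF_ID, 8, { 0, 0 } };
	struct reg_state varoff = { PTR_TO_BTF_ID, 0, { 0, 0xff } };

	printf("fixed off=8, kfunc arg:   %d\n", check_arg_reg_off(&fixed, false));
	printf("fixed off=8, release arg: %d\n", check_arg_reg_off(&fixed, true));
	printf("unknown var_off:          %d\n", check_arg_reg_off(&varoff, false));
	return 0;
}
```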