Re: [PATCH bpf-next v1 2/7] bpf: Propagate errors from process_* checks in check_func_arg

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, Nov 14, 2022 at 4:01 PM Kumar Kartikeya Dwivedi
<memxor@xxxxxxxxx> wrote:
>
> Currently, we simply ignore the errors in process_spin_lock,
> process_timer_func, process_kptr_func, process_dynptr_func.
> Instead, bubble up storing and checking err variable.
>
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

Acked-by: Joanne Koong <joannelkoong@xxxxxxxxx>

> ---
>  kernel/bpf/verifier.c | 25 +++++++++++++++----------
>  1 file changed, 15 insertions(+), 10 deletions(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 56f48ab9827f..41ef7e4b73e4 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -6220,19 +6220,22 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
>                 break;
>         case ARG_PTR_TO_SPIN_LOCK:
>                 if (meta->func_id == BPF_FUNC_spin_lock) {
> -                       if (process_spin_lock(env, regno, true))
> -                               return -EACCES;
> +                       err = process_spin_lock(env, regno, true);
> +                       if (err)
> +                               return err;
>                 } else if (meta->func_id == BPF_FUNC_spin_unlock) {
> -                       if (process_spin_lock(env, regno, false))
> -                               return -EACCES;
> +                       err = process_spin_lock(env, regno, false);
> +                       if (err)
> +                               return err;
>                 } else {
>                         verbose(env, "verifier internal error\n");
>                         return -EFAULT;
>                 }
>                 break;
>         case ARG_PTR_TO_TIMER:
> -               if (process_timer_func(env, regno, meta))
> -                       return -EACCES;
> +               err = process_timer_func(env, regno, meta);
> +               if (err)
> +                       return err;
>                 break;
>         case ARG_PTR_TO_FUNC:
>                 meta->subprogno = reg->subprogno;
> @@ -6255,8 +6258,9 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
>                 err = check_mem_size_reg(env, reg, regno, true, meta);
>                 break;
>         case ARG_PTR_TO_DYNPTR:
> -               if (process_dynptr_func(env, regno, arg_type, meta))
> -                       return -EACCES;
> +               err = process_dynptr_func(env, regno, arg_type, meta);
> +               if (err)
> +                       return err;
>                 break;
>         case ARG_CONST_ALLOC_SIZE_OR_ZERO:
>                 if (!tnum_is_const(reg->var_off)) {
> @@ -6323,8 +6327,9 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
>                 break;
>         }
>         case ARG_PTR_TO_KPTR:
> -               if (process_kptr_func(env, regno, meta))
> -                       return -EACCES;
> +               err = process_kptr_func(env, regno, meta);
> +               if (err)
> +                       return err;
>                 break;
>         }
>
> --
> 2.38.1
>
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux