Patch "bpf: take into account liveness when propagating precision" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    bpf: take into account liveness when propagating precision

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-take-into-account-liveness-when-propagating-prec.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 11c74b4e4d66a405e6da9efb53e1b29c7a3e4b72
Author: Andrii Nakryiko <andrii@xxxxxxxxxx>
Date:   Thu Mar 9 14:41:31 2023 -0800

    bpf: take into account liveness when propagating precision
    
    [ Upstream commit 52c2b005a3c18c565fc70cfd0ca49375f301e952 ]
    
    When doing state comparison, if old state has register that is not
    marked as REG_LIVE_READ, then we just skip comparison, regardless what's
    the state of corresponing register in current state. This is because not
    REG_LIVE_READ register is irrelevant for further program execution and
    correctness. All good here.
    
    But when we get to precision propagation, after two states were declared
    equivalent, we don't take into account old register's liveness, and thus
    attempt to propagate precision for register in current state even if
    that register in old state was not REG_LIVE_READ anymore. This is bad,
    because register in current state could be anything at all and this
    could cause -EFAULT due to internal logic bugs.
    
    Fix by taking into account REG_LIVE_READ liveness mark to keep the logic
    in state comparison in sync with precision propagation.
    
    Fixes: a3ce685dd01a ("bpf: fix precision tracking")
    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20230309224131.57449-1-andrii@xxxxxxxxxx
    Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5a96a9dd51e4c..e2488a00efc5a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9550,7 +9550,8 @@ static int propagate_precision(struct bpf_verifier_env *env,
 		state_reg = state->regs;
 		for (i = 0; i < BPF_REG_FP; i++, state_reg++) {
 			if (state_reg->type != SCALAR_VALUE ||
-			    !state_reg->precise)
+			    !state_reg->precise ||
+			    !(state_reg->live & REG_LIVE_READ))
 				continue;
 			if (env->log.level & BPF_LOG_LEVEL2)
 				verbose(env, "frame %d: propagating r%d\n", i, fr);
@@ -9564,7 +9565,8 @@ static int propagate_precision(struct bpf_verifier_env *env,
 				continue;
 			state_reg = &state->stack[i].spilled_ptr;
 			if (state_reg->type != SCALAR_VALUE ||
-			    !state_reg->precise)
+			    !state_reg->precise ||
+			    !(state_reg->live & REG_LIVE_READ))
 				continue;
 			if (env->log.level & BPF_LOG_LEVEL2)
 				verbose(env, "frame %d: propagating fp%d\n",



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux