在 2021/7/31 11:14, Yu Changchun 写道:
From: Daniel Borkmann <daniel(a)iogearbox.net>
stable inclusion
from linux-4.19.193
commit d1e281d6cb8841122c4677b47fcebdc6f410bd74
category: bugfix
issue: #I42H19
CVE: NA
--------------------------------
[ no upstream commit ]
Switch the comparison, so that is_branch_taken() will recognize that below
branch is never taken:
[...]
17: [...] R1_w=inv0 [...]
R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) [...]
17: (67) r8 <<= 32
18: [...]
R8_w=inv(id=0,smax_value=-4294967296,umin_value=9223372036854775808,umax_value=18446744069414584320,var_off=(0x8000000000000000;
0x7fffffff00000000)) [...]
18: (c7) r8 s>>= 32
19: [...]
R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) [...]
19: (6d) if r1 s> r8 goto pc+16
[...] R1_w=inv0 [...]
R8_w=inv(id=0,smin_value=-2147483648,smax_value=-1,umin_value=18446744071562067968,var_off=(0xffffffff80000000;
0x7fffffff)) [...]
[...]
Currently we check for is_branch_taken() only if either K is source, or source
is a scalar value that is const. For upstream it would be good to extend this
properly to check whether dst is const and src not.
For the sake of the test_verifier, it is probably not needed here:
# ./test_verifier 101
#101/p bpf_get_stack return R0 within range OK
Summary: 1 PASSED, 0 SKIPPED, 0 FAILED
I haven't seen this issue in test_progs* though, they are passing fine:
# ./test_progs-no_alu32 -t get_stack
Switching to flavor 'no_alu32' subdirectory...
#20 get_stack_raw_tp:OK
Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
# ./test_progs -t get_stack
#20 get_stack_raw_tp:OK
Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net>
Acked-by: Alexei Starovoitov <ast(a)kernel.org>
Acked-by: John Fastabend <john.fastabend(a)gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
[OP: backport to 4.19]
Signed-off-by: Ovidiu Panait <ovidiu.panait(a)windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com>
Signed-off-by: Yu Changchun <yuchangchun1(a)huawei.com>
Looks good to me