| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Dec 2020 07:03:15 +0800
From: kernel test robot <lkp@...el.com>
To: Hao Luo <haoluo@...gle.com>
Cc: kbuild-all@...ts.01.org, clang-built-linux@...glegroups.com,
linux-kernel@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>
Subject: kernel/bpf/verifier.c:9689:12: warning: stack frame size of 1080
bytes in function 'resolve_pseudo_ldimm64'
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: ca4bbdaf171604841f77648a2877e2e43db69b71
commit: eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b bpf: Introduce bpf_per_cpu_ptr()
date: 10 weeks ago
config: mips-randconfig-r026-20201209 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 1968804ac726e7674d5de22bc2204b45857da344)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install mips cross compiling tool for clang build
# apt-get install binutils-mips-linux-gnu
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
All warnings (new ones prefixed by >>):
>> kernel/bpf/verifier.c:9689:12: warning: stack frame size of 1080 bytes in function 'resolve_pseudo_ldimm64' [-Wframe-larger-than=]
static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env)
^
kernel/bpf/verifier.c:10747:12: warning: stack frame size of 1104 bytes in function 'fixup_bpf_calls' [-Wframe-larger-than=]
static int fixup_bpf_calls(struct bpf_verifier_env *env)
^
kernel/bpf/verifier.c:9163:12: warning: stack frame size of 3032 bytes in function 'do_check' [-Wframe-larger-than=]
static int do_check(struct bpf_verifier_env *env)
^
3 warnings generated.
vim +/resolve_pseudo_ldimm64 +9689 kernel/bpf/verifier.c
b741f1630346de Roman Gushchin 2018-09-28 9681
4976b718c3551f Hao Luo 2020-09-29 9682 /* find and rewrite pseudo imm in ld_imm64 instructions:
4976b718c3551f Hao Luo 2020-09-29 9683 *
4976b718c3551f Hao Luo 2020-09-29 9684 * 1. if it accesses map FD, replace it with actual map pointer.
4976b718c3551f Hao Luo 2020-09-29 9685 * 2. if it accesses btf_id of a VAR, replace it with pointer to the var.
4976b718c3551f Hao Luo 2020-09-29 9686 *
4976b718c3551f Hao Luo 2020-09-29 9687 * NOTE: btf_vmlinux is required for converting pseudo btf_id.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9688 */
4976b718c3551f Hao Luo 2020-09-29 @9689 static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env)
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9690 {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9691 struct bpf_insn *insn = env->prog->insnsi;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9692 int insn_cnt = env->prog->len;
fdc15d388d600d Alexei Starovoitov 2016-09-01 9693 int i, j, err;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9694
f1f7714ea51c56 Daniel Borkmann 2017-01-13 9695 err = bpf_prog_calc_tag(env->prog);
aafe6ae9cee32d Daniel Borkmann 2016-12-18 9696 if (err)
aafe6ae9cee32d Daniel Borkmann 2016-12-18 9697 return err;
aafe6ae9cee32d Daniel Borkmann 2016-12-18 9698
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9699 for (i = 0; i < insn_cnt; i++, insn++) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9700 if (BPF_CLASS(insn->code) == BPF_LDX &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9701 (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9702 verbose(env, "BPF_LDX uses reserved fields\n");
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9703 return -EINVAL;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9704 }
9bac3d6d548e5c Alexei Starovoitov 2015-03-13 9705
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9706 if (BPF_CLASS(insn->code) == BPF_STX &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9707 ((BPF_MODE(insn->code) != BPF_MEM &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9708 BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9709 verbose(env, "BPF_STX uses reserved fields\n");
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9710 return -EINVAL;
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9711 }
d691f9e8d4405c Alexei Starovoitov 2015-06-04 9712
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9713 if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9714 struct bpf_insn_aux_data *aux;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9715 struct bpf_map *map;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9716 struct fd f;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9717 u64 addr;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9718
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9719 if (i == insn_cnt - 1 || insn[1].code != 0 ||
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9720 insn[1].dst_reg != 0 || insn[1].src_reg != 0 ||
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9721 insn[1].off != 0) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9722 verbose(env, "invalid bpf_ld_imm64 insn\n");
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9723 return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9724 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9725
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9726 if (insn[0].src_reg == 0)
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9727 /* valid generic load 64-bit imm */
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9728 goto next_insn;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9729
4976b718c3551f Hao Luo 2020-09-29 9730 if (insn[0].src_reg == BPF_PSEUDO_BTF_ID) {
4976b718c3551f Hao Luo 2020-09-29 9731 aux = &env->insn_aux_data[i];
4976b718c3551f Hao Luo 2020-09-29 9732 err = check_pseudo_btf_id(env, insn, aux);
4976b718c3551f Hao Luo 2020-09-29 9733 if (err)
4976b718c3551f Hao Luo 2020-09-29 9734 return err;
4976b718c3551f Hao Luo 2020-09-29 9735 goto next_insn;
4976b718c3551f Hao Luo 2020-09-29 9736 }
4976b718c3551f Hao Luo 2020-09-29 9737
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9738 /* In final convert_pseudo_ld_imm64() step, this is
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9739 * converted into regular 64-bit imm load insn.
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9740 */
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9741 if ((insn[0].src_reg != BPF_PSEUDO_MAP_FD &&
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9742 insn[0].src_reg != BPF_PSEUDO_MAP_VALUE) ||
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9743 (insn[0].src_reg == BPF_PSEUDO_MAP_FD &&
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9744 insn[1].imm != 0)) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9745 verbose(env,
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9746 "unrecognized bpf_ld_imm64 insn\n");
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9747 return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9748 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9749
20182390c41344 Daniel Borkmann 2019-03-04 9750 f = fdget(insn[0].imm);
c210129760a010 Daniel Borkmann 2015-10-29 9751 map = __bpf_map_get(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9752 if (IS_ERR(map)) {
61bd5218eef349 Jakub Kicinski 2017-10-09 9753 verbose(env, "fd %d is not pointing to valid bpf_map\n",
20182390c41344 Daniel Borkmann 2019-03-04 9754 insn[0].imm);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9755 return PTR_ERR(map);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9756 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9757
61bd5218eef349 Jakub Kicinski 2017-10-09 9758 err = check_map_prog_compatibility(env, map, env->prog);
fdc15d388d600d Alexei Starovoitov 2016-09-01 9759 if (err) {
fdc15d388d600d Alexei Starovoitov 2016-09-01 9760 fdput(f);
fdc15d388d600d Alexei Starovoitov 2016-09-01 9761 return err;
fdc15d388d600d Alexei Starovoitov 2016-09-01 9762 }
fdc15d388d600d Alexei Starovoitov 2016-09-01 9763
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9764 aux = &env->insn_aux_data[i];
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9765 if (insn->src_reg == BPF_PSEUDO_MAP_FD) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9766 addr = (unsigned long)map;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9767 } else {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9768 u32 off = insn[1].imm;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9769
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9770 if (off >= BPF_MAX_VAR_OFF) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9771 verbose(env, "direct value offset of %u is not allowed\n", off);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9772 fdput(f);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9773 return -EINVAL;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9774 }
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9775
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9776 if (!map->ops->map_direct_value_addr) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9777 verbose(env, "no direct value access support for this map type\n");
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9778 fdput(f);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9779 return -EINVAL;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9780 }
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9781
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9782 err = map->ops->map_direct_value_addr(map, &addr, off);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9783 if (err) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9784 verbose(env, "invalid access to map value pointer, value_size=%u off=%u\n",
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9785 map->value_size, off);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9786 fdput(f);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9787 return err;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9788 }
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9789
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9790 aux->map_off = off;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9791 addr += off;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9792 }
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9793
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9794 insn[0].imm = (u32)addr;
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9795 insn[1].imm = addr >> 32;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9796
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9797 /* check whether we recorded this map already */
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9798 for (j = 0; j < env->used_map_cnt; j++) {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9799 if (env->used_maps[j] == map) {
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9800 aux->map_index = j;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9801 fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9802 goto next_insn;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9803 }
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9804 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9805
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9806 if (env->used_map_cnt >= MAX_USED_MAPS) {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9807 fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9808 return -E2BIG;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9809 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9810
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9811 /* hold the map. If the program is rejected by verifier,
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9812 * the map will be released by release_maps() or it
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9813 * will be used by the valid program until it's unloaded
ab7f5bf0928be2 Jakub Kicinski 2018-05-03 9814 * and all maps are released in free_used_maps()
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9815 */
1e0bd5a091e5d9 Andrii Nakryiko 2019-11-17 9816 bpf_map_inc(map);
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9817
d8eca5bbb2be9b Daniel Borkmann 2019-04-09 9818 aux->map_index = env->used_map_cnt;
92117d8443bc5a Alexei Starovoitov 2016-04-27 9819 env->used_maps[env->used_map_cnt++] = map;
92117d8443bc5a Alexei Starovoitov 2016-04-27 9820
b741f1630346de Roman Gushchin 2018-09-28 9821 if (bpf_map_is_cgroup_storage(map) &&
e47304232b3733 Daniel Borkmann 2019-12-17 9822 bpf_cgroup_storage_assign(env->prog->aux, map)) {
b741f1630346de Roman Gushchin 2018-09-28 9823 verbose(env, "only one cgroup storage of each type is allowed\n");
de9cbbaadba5ad Roman Gushchin 2018-08-02 9824 fdput(f);
de9cbbaadba5ad Roman Gushchin 2018-08-02 9825 return -EBUSY;
de9cbbaadba5ad Roman Gushchin 2018-08-02 9826 }
de9cbbaadba5ad Roman Gushchin 2018-08-02 9827
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9828 fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9829 next_insn:
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9830 insn++;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9831 i++;
5e581dad4fec0e Daniel Borkmann 2018-01-26 9832 continue;
5e581dad4fec0e Daniel Borkmann 2018-01-26 9833 }
5e581dad4fec0e Daniel Borkmann 2018-01-26 9834
5e581dad4fec0e Daniel Borkmann 2018-01-26 9835 /* Basic sanity check before we invest more work here. */
5e581dad4fec0e Daniel Borkmann 2018-01-26 9836 if (!bpf_opcode_in_insntable(insn->code)) {
5e581dad4fec0e Daniel Borkmann 2018-01-26 9837 verbose(env, "unknown opcode %02x\n", insn->code);
5e581dad4fec0e Daniel Borkmann 2018-01-26 9838 return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9839 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9840 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9841
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9842 /* now all pseudo BPF_LD_IMM64 instructions load valid
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9843 * 'struct bpf_map *' into a register instead of user map_fd.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9844 * These pointers will be used later by verifier to validate map access.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9845 */
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9846 return 0;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9847 }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26 9848
:::::: The code at line 9689 was first introduced by commit
:::::: 4976b718c3551faba2c0616ef55ebeb74db1c5ca bpf: Introduce pseudo_btf_id
:::::: TO: Hao Luo <haoluo@...gle.com>
:::::: CC: Alexei Starovoitov <ast@...nel.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (26622 bytes)
Powered by blists - more mailing lists