lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202012100704.8UVeIwk8-lkp@intel.com>
Date:   Thu, 10 Dec 2020 07:03:15 +0800
From:   kernel test robot <lkp@...el.com>
To:     Hao Luo <haoluo@...gle.com>
Cc:     kbuild-all@...ts.01.org, clang-built-linux@...glegroups.com,
        linux-kernel@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>
Subject: kernel/bpf/verifier.c:9689:12: warning: stack frame size of 1080
 bytes in function 'resolve_pseudo_ldimm64'

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   ca4bbdaf171604841f77648a2877e2e43db69b71
commit: eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b bpf: Introduce bpf_per_cpu_ptr()
date:   10 weeks ago
config: mips-randconfig-r026-20201209 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project 1968804ac726e7674d5de22bc2204b45857da344)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install mips cross compiling tool for clang build
        # apt-get install binutils-mips-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout eaa6bcb71ef6ed3dc18fc525ee7e293b06b4882b
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All warnings (new ones prefixed by >>):

>> kernel/bpf/verifier.c:9689:12: warning: stack frame size of 1080 bytes in function 'resolve_pseudo_ldimm64' [-Wframe-larger-than=]
   static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env)
              ^
   kernel/bpf/verifier.c:10747:12: warning: stack frame size of 1104 bytes in function 'fixup_bpf_calls' [-Wframe-larger-than=]
   static int fixup_bpf_calls(struct bpf_verifier_env *env)
              ^
   kernel/bpf/verifier.c:9163:12: warning: stack frame size of 3032 bytes in function 'do_check' [-Wframe-larger-than=]
   static int do_check(struct bpf_verifier_env *env)
              ^
   3 warnings generated.

vim +/resolve_pseudo_ldimm64 +9689 kernel/bpf/verifier.c

b741f1630346de Roman Gushchin     2018-09-28  9681  
4976b718c3551f Hao Luo            2020-09-29  9682  /* find and rewrite pseudo imm in ld_imm64 instructions:
4976b718c3551f Hao Luo            2020-09-29  9683   *
4976b718c3551f Hao Luo            2020-09-29  9684   * 1. if it accesses map FD, replace it with actual map pointer.
4976b718c3551f Hao Luo            2020-09-29  9685   * 2. if it accesses btf_id of a VAR, replace it with pointer to the var.
4976b718c3551f Hao Luo            2020-09-29  9686   *
4976b718c3551f Hao Luo            2020-09-29  9687   * NOTE: btf_vmlinux is required for converting pseudo btf_id.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9688   */
4976b718c3551f Hao Luo            2020-09-29 @9689  static int resolve_pseudo_ldimm64(struct bpf_verifier_env *env)
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9690  {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9691  	struct bpf_insn *insn = env->prog->insnsi;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9692  	int insn_cnt = env->prog->len;
fdc15d388d600d Alexei Starovoitov 2016-09-01  9693  	int i, j, err;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9694  
f1f7714ea51c56 Daniel Borkmann    2017-01-13  9695  	err = bpf_prog_calc_tag(env->prog);
aafe6ae9cee32d Daniel Borkmann    2016-12-18  9696  	if (err)
aafe6ae9cee32d Daniel Borkmann    2016-12-18  9697  		return err;
aafe6ae9cee32d Daniel Borkmann    2016-12-18  9698  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9699  	for (i = 0; i < insn_cnt; i++, insn++) {
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9700  		if (BPF_CLASS(insn->code) == BPF_LDX &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9701  		    (BPF_MODE(insn->code) != BPF_MEM || insn->imm != 0)) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9702  			verbose(env, "BPF_LDX uses reserved fields\n");
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9703  			return -EINVAL;
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9704  		}
9bac3d6d548e5c Alexei Starovoitov 2015-03-13  9705  
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9706  		if (BPF_CLASS(insn->code) == BPF_STX &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9707  		    ((BPF_MODE(insn->code) != BPF_MEM &&
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9708  		      BPF_MODE(insn->code) != BPF_XADD) || insn->imm != 0)) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9709  			verbose(env, "BPF_STX uses reserved fields\n");
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9710  			return -EINVAL;
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9711  		}
d691f9e8d4405c Alexei Starovoitov 2015-06-04  9712  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9713  		if (insn[0].code == (BPF_LD | BPF_IMM | BPF_DW)) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9714  			struct bpf_insn_aux_data *aux;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9715  			struct bpf_map *map;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9716  			struct fd f;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9717  			u64 addr;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9718  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9719  			if (i == insn_cnt - 1 || insn[1].code != 0 ||
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9720  			    insn[1].dst_reg != 0 || insn[1].src_reg != 0 ||
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9721  			    insn[1].off != 0) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9722  				verbose(env, "invalid bpf_ld_imm64 insn\n");
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9723  				return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9724  			}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9725  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9726  			if (insn[0].src_reg == 0)
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9727  				/* valid generic load 64-bit imm */
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9728  				goto next_insn;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9729  
4976b718c3551f Hao Luo            2020-09-29  9730  			if (insn[0].src_reg == BPF_PSEUDO_BTF_ID) {
4976b718c3551f Hao Luo            2020-09-29  9731  				aux = &env->insn_aux_data[i];
4976b718c3551f Hao Luo            2020-09-29  9732  				err = check_pseudo_btf_id(env, insn, aux);
4976b718c3551f Hao Luo            2020-09-29  9733  				if (err)
4976b718c3551f Hao Luo            2020-09-29  9734  					return err;
4976b718c3551f Hao Luo            2020-09-29  9735  				goto next_insn;
4976b718c3551f Hao Luo            2020-09-29  9736  			}
4976b718c3551f Hao Luo            2020-09-29  9737  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9738  			/* In final convert_pseudo_ld_imm64() step, this is
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9739  			 * converted into regular 64-bit imm load insn.
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9740  			 */
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9741  			if ((insn[0].src_reg != BPF_PSEUDO_MAP_FD &&
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9742  			     insn[0].src_reg != BPF_PSEUDO_MAP_VALUE) ||
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9743  			    (insn[0].src_reg == BPF_PSEUDO_MAP_FD &&
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9744  			     insn[1].imm != 0)) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9745  				verbose(env,
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9746  					"unrecognized bpf_ld_imm64 insn\n");
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9747  				return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9748  			}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9749  
20182390c41344 Daniel Borkmann    2019-03-04  9750  			f = fdget(insn[0].imm);
c210129760a010 Daniel Borkmann    2015-10-29  9751  			map = __bpf_map_get(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9752  			if (IS_ERR(map)) {
61bd5218eef349 Jakub Kicinski     2017-10-09  9753  				verbose(env, "fd %d is not pointing to valid bpf_map\n",
20182390c41344 Daniel Borkmann    2019-03-04  9754  					insn[0].imm);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9755  				return PTR_ERR(map);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9756  			}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9757  
61bd5218eef349 Jakub Kicinski     2017-10-09  9758  			err = check_map_prog_compatibility(env, map, env->prog);
fdc15d388d600d Alexei Starovoitov 2016-09-01  9759  			if (err) {
fdc15d388d600d Alexei Starovoitov 2016-09-01  9760  				fdput(f);
fdc15d388d600d Alexei Starovoitov 2016-09-01  9761  				return err;
fdc15d388d600d Alexei Starovoitov 2016-09-01  9762  			}
fdc15d388d600d Alexei Starovoitov 2016-09-01  9763  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9764  			aux = &env->insn_aux_data[i];
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9765  			if (insn->src_reg == BPF_PSEUDO_MAP_FD) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9766  				addr = (unsigned long)map;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9767  			} else {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9768  				u32 off = insn[1].imm;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9769  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9770  				if (off >= BPF_MAX_VAR_OFF) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9771  					verbose(env, "direct value offset of %u is not allowed\n", off);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9772  					fdput(f);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9773  					return -EINVAL;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9774  				}
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9775  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9776  				if (!map->ops->map_direct_value_addr) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9777  					verbose(env, "no direct value access support for this map type\n");
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9778  					fdput(f);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9779  					return -EINVAL;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9780  				}
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9781  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9782  				err = map->ops->map_direct_value_addr(map, &addr, off);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9783  				if (err) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9784  					verbose(env, "invalid access to map value pointer, value_size=%u off=%u\n",
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9785  						map->value_size, off);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9786  					fdput(f);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9787  					return err;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9788  				}
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9789  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9790  				aux->map_off = off;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9791  				addr += off;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9792  			}
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9793  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9794  			insn[0].imm = (u32)addr;
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9795  			insn[1].imm = addr >> 32;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9796  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9797  			/* check whether we recorded this map already */
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9798  			for (j = 0; j < env->used_map_cnt; j++) {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9799  				if (env->used_maps[j] == map) {
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9800  					aux->map_index = j;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9801  					fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9802  					goto next_insn;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9803  				}
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9804  			}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9805  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9806  			if (env->used_map_cnt >= MAX_USED_MAPS) {
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9807  				fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9808  				return -E2BIG;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9809  			}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9810  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9811  			/* hold the map. If the program is rejected by verifier,
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9812  			 * the map will be released by release_maps() or it
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9813  			 * will be used by the valid program until it's unloaded
ab7f5bf0928be2 Jakub Kicinski     2018-05-03  9814  			 * and all maps are released in free_used_maps()
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9815  			 */
1e0bd5a091e5d9 Andrii Nakryiko    2019-11-17  9816  			bpf_map_inc(map);
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9817  
d8eca5bbb2be9b Daniel Borkmann    2019-04-09  9818  			aux->map_index = env->used_map_cnt;
92117d8443bc5a Alexei Starovoitov 2016-04-27  9819  			env->used_maps[env->used_map_cnt++] = map;
92117d8443bc5a Alexei Starovoitov 2016-04-27  9820  
b741f1630346de Roman Gushchin     2018-09-28  9821  			if (bpf_map_is_cgroup_storage(map) &&
e47304232b3733 Daniel Borkmann    2019-12-17  9822  			    bpf_cgroup_storage_assign(env->prog->aux, map)) {
b741f1630346de Roman Gushchin     2018-09-28  9823  				verbose(env, "only one cgroup storage of each type is allowed\n");
de9cbbaadba5ad Roman Gushchin     2018-08-02  9824  				fdput(f);
de9cbbaadba5ad Roman Gushchin     2018-08-02  9825  				return -EBUSY;
de9cbbaadba5ad Roman Gushchin     2018-08-02  9826  			}
de9cbbaadba5ad Roman Gushchin     2018-08-02  9827  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9828  			fdput(f);
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9829  next_insn:
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9830  			insn++;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9831  			i++;
5e581dad4fec0e Daniel Borkmann    2018-01-26  9832  			continue;
5e581dad4fec0e Daniel Borkmann    2018-01-26  9833  		}
5e581dad4fec0e Daniel Borkmann    2018-01-26  9834  
5e581dad4fec0e Daniel Borkmann    2018-01-26  9835  		/* Basic sanity check before we invest more work here. */
5e581dad4fec0e Daniel Borkmann    2018-01-26  9836  		if (!bpf_opcode_in_insntable(insn->code)) {
5e581dad4fec0e Daniel Borkmann    2018-01-26  9837  			verbose(env, "unknown opcode %02x\n", insn->code);
5e581dad4fec0e Daniel Borkmann    2018-01-26  9838  			return -EINVAL;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9839  		}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9840  	}
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9841  
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9842  	/* now all pseudo BPF_LD_IMM64 instructions load valid
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9843  	 * 'struct bpf_map *' into a register instead of user map_fd.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9844  	 * These pointers will be used later by verifier to validate map access.
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9845  	 */
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9846  	return 0;
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9847  }
0246e64d9a5fcd Alexei Starovoitov 2014-09-26  9848  

:::::: The code at line 9689 was first introduced by commit
:::::: 4976b718c3551faba2c0616ef55ebeb74db1c5ca bpf: Introduce pseudo_btf_id

:::::: TO: Hao Luo <haoluo@...gle.com>
:::::: CC: Alexei Starovoitov <ast@...nel.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (26622 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ