| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e186cbd5-4c22-8069-717d-35bb8f8e4fff@fb.com>
Date: Fri, 29 Jul 2022 10:15:21 -0700
From: Yonghong Song <yhs@...com>
To: Zeng Jingxiang <zengjx95@...il.com>, ast@...nel.org,
daniel@...earbox.net, john.fastabend@...il.com, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, kpsingh@...nel.org,
sdf@...gle.com, haoluo@...gle.com, jolsa@...nel.org
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Zeng Jingxiang <linuszeng@...cent.com>
Subject: Re: [PATCH] bpf/verifier: fix control flow issues in
__reg64_bound_u32()
On 7/28/22 10:49 PM, Zeng Jingxiang wrote:
> From: Zeng Jingxiang <linuszeng@...cent.com>
>
> This greater-than-or-equal-to-zero comparison of an unsigned value
> is always true. "a >= U32_MIN".
> 1632 return a >= U32_MIN && a <= U32_MAX;
>
> Fixes: b9979db83401 ("bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.")
> Signed-off-by: Zeng Jingxiang <linuszeng@...cent.com>
> ---
> kernel/bpf/verifier.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 0efbac0fd126..dd67108fb1d7 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -1629,7 +1629,7 @@ static bool __reg64_bound_s32(s64 a)
>
> static bool __reg64_bound_u32(u64 a)
> {
> - return a >= U32_MIN && a <= U32_MAX;
> + return a <= U32_MAX;
> }
I cannot find the related link. But IIRC, Alexei commented that
the code is written this way to express the intention (within
32bit bounds) so this patch is unnecessary...
>
> static void __reg_combine_64_into_32(struct bpf_reg_state *reg)
Powered by blists - more mailing lists