| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <12ff965a-12d7-e7f4-a577-5e645d4ff6c0@meta.com>
Date: Sun, 18 Jun 2023 15:52:11 -0700
From: Yonghong Song <yhs@...a.com>
To: menglong8.dong@...il.com, alexei.starovoitov@...il.com
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, benbjiang@...cent.com,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Menglong Dong <imagedong@...cent.com>
Subject: Re: [PATCH bpf-next v5 1/3] bpf, x86: clean garbage values when store
args from regs into stack
On 6/12/23 7:52 PM, menglong8.dong@...il.com wrote:
> From: Menglong Dong <imagedong@...cent.com>
>
> There are garbage values in upper bytes when we store the arguments
> into stack in save_regs() if the size of the argument less then 8.
>
> As we already reserve 8 byte for the arguments in regs and stack,
> it is ok to store/restore the regs in BPF_DW size. Then, the garbage
> values in upper bytes will be cleaned.
Please make it clear that there are no bugs in the existing code
since for each argument, a type case will happen like
(parameter_type)ctx[stack_slot]
where ctx[] is an u64 type array. The compiler will generate
correct code to do type casting so garbage value will not impact
the final result. But indeed, uniformly
do save/restore with BPF_DW size can simplify code.
>
> Signed-off-by: Menglong Dong <imagedong@...cent.com>
Acked-by: Yonghong Song <yhs@...com>
> ---
> arch/x86/net/bpf_jit_comp.c | 35 ++++++-----------------------------
> 1 file changed, 6 insertions(+), 29 deletions(-)
>
> diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
> index 1056bbf55b17..a407fbbffecd 100644
> --- a/arch/x86/net/bpf_jit_comp.c
> +++ b/arch/x86/net/bpf_jit_comp.c
> @@ -1860,57 +1860,34 @@ st: if (is_imm8(insn->off))
> static void save_regs(const struct btf_func_model *m, u8 **prog, int nr_regs,
> int stack_size)
> {
> - int i, j, arg_size;
> - bool next_same_struct = false;
> + int i;
>
> /* Store function arguments to stack.
> * For a function that accepts two pointers the sequence will be:
> * mov QWORD PTR [rbp-0x10],rdi
> * mov QWORD PTR [rbp-0x8],rsi
> */
> - for (i = 0, j = 0; i < min(nr_regs, 6); i++) {
> - /* The arg_size is at most 16 bytes, enforced by the verifier. */
> - arg_size = m->arg_size[j];
> - if (arg_size > 8) {
> - arg_size = 8;
> - next_same_struct = !next_same_struct;
> - }
> -
> - emit_stx(prog, bytes_to_bpf_size(arg_size),
> - BPF_REG_FP,
> + for (i = 0; i < min(nr_regs, 6); i++)
> + emit_stx(prog, BPF_DW, BPF_REG_FP,
> i == 5 ? X86_REG_R9 : BPF_REG_1 + i,
> -(stack_size - i * 8));
> -
> - j = next_same_struct ? j : j + 1;
> - }
> }
>
[...]
Powered by blists - more mailing lists