| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f99a31f62c19262fcad7debf10ede0bb0b970af4.camel@gmail.com>
Date: Fri, 13 Dec 2024 15:14:12 -0800
From: Eduard Zingerman <eddyz87@...il.com>
To: Kumar Kartikeya Dwivedi <memxor@...il.com>, Daniel Xu <dxu@...uu.xyz>
Cc: andrii@...nel.org, ast@...nel.org, shuah@...nel.org,
daniel@...earbox.net, john.fastabend@...il.com, martin.lau@...ux.dev,
song@...nel.org, yonghong.song@...ux.dev, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH bpf-next v5 4/5] bpf: verifier: Support eliding map
lookup nullness
On Sat, 2024-12-14 at 00:10 +0100, Kumar Kartikeya Dwivedi wrote:
[...]
> > @@ -11199,10 +11266,17 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
> > "kernel subsystem misconfigured verifier\n");
> > return -EINVAL;
> > }
> > +
> > + if (func_id == BPF_FUNC_map_lookup_elem &&
> > + can_elide_value_nullness(meta.map_ptr->map_type) &&
> > + meta.const_map_key >= 0 &&
> > + meta.const_map_key < meta.map_ptr->max_entries)
> > + ret_flag &= ~PTR_MAYBE_NULL;
>
> I think we probably need mark_chain_precision applied on the constant
> key since its concrete value is made use of here to prevent pruning on
> it. If it's already happening and I missed it, I think we should
> atleast add a comment.
>
> For context of a similar case with tail calls, see commit
> cc52d9140aa9 ("bpf: Fix record_func_key to perform backtracking on r3")
> for what happens when it is missed.
Great point, I'm sure this does not happen.
[...]
Powered by blists - more mailing lists