Message-ID: <65ff9c62d0d2c355121468b04c0701081d3275fd.camel@gmail.com>
Date: Fri, 21 Mar 2025 15:24:04 -0700
From: Eduard Zingerman <eddyz87@...il.com>
To: Kohei Enju <enjuk@...zon.com>, bpf@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann
 <daniel@...earbox.net>,  John Fastabend <john.fastabend@...il.com>, Andrii
 Nakryiko <andrii@...nel.org>, Martin KaFai Lau	 <martin.lau@...ux.dev>,
 Song Liu <song@...nel.org>, Yonghong Song	 <yonghong.song@...ux.dev>, KP
 Singh <kpsingh@...nel.org>, Stanislav Fomichev	 <sdf@...ichev.me>, Hao Luo
 <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,  Peilin Ye
 <yepeilin@...gle.com>, Ilya Leoshkevich <iii@...ux.ibm.com>, Kuniyuki
 Iwashima	 <kuniyu@...zon.com>, kohei.enju@...il.com
Subject: Re: [PATCH v2 bpf-next 2/2] selftests/bpf: Add selftests for
 load-acquire/store-release when register number is invalid

On Fri, 2025-03-21 at 19:59 +0900, Kohei Enju wrote:

Hi Kohei,

Thank you for adding these tests.

[...]

> +SEC("socket")
> +__description("load-acquire with invalid register R11")
> +__failure __failure_unpriv __msg("R11 is invalid")
> +__naked void load_acquire_with_invalid_reg(void)
> +{
> +	asm volatile (
> +	".8byte %[load_acquire_insn];" // r0 = load_acquire((u64 *)(r11 + 0));
> +	"exit;"
> +	:
> +	: __imm_insn(load_acquire_insn,
> +		     BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_0, 11 /* invalid reg */, 0))
> +	: __clobber_all);
> +}
> +
>  #else /* CAN_USE_LOAD_ACQ_STORE_REL */
>  
>  SEC("socket")
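Review bot: the register number in load_acquire_with_invalid_reg() is written three separate times: as the bare literal 11 in BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_0, 11 /* invalid reg */, 0), and as "R11" in both __description() and __msg("R11 is invalid"). If the number is ever changed, the expected message has to change with it or the test will fail for the wrong reason. A short comment above the test stating that the literal and the message must match would make this harder to get wrong. Note also that only the address operand (r11 in the inline comment) is invalid here, while the destination BPF_REG_0 is valid, so this case checks one register field of the instruction.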
> diff --git a/tools/testing/selftests/bpf/progs/verifier_store_release.c b/tools/testing/selftests/bpf/progs/verifier_store_release.c
> index cd6f1e5f378b..2dc1d713b4a6 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_store_release.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_store_release.c
> @@ -257,6 +257,20 @@ __naked void store_release_leak_pointer_to_map(void)
>  	: __clobber_all);
>  }
>  
> +SEC("socket")
> +__description("store-release with invalid register R11")
> +__failure __failure_unpriv __msg("R11 is invalid")
> +__naked void store_release_with_invalid_reg(void)
> +{
> +	asm volatile (
> +	".8byte %[store_release_insn];" // store_release((u64 *)(r11 + 0), r1);
> +	"exit;"
> +	:
> +	: __imm_insn(store_release_insn,
> +		     BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, 11 /* invalid reg */, BPF_REG_1, 0))

On my machine / config, the value of 11 was too small to trigger the
KASAN warning. A value of 12 was sufficient.
Curious if it is my config: did you see a KASAN warning locally when running this test
before applying the fix?
Maybe set the value to 15 here and above to maximize the probability of a KASAN warning?

> +	: __clobber_all);
> +}
> +
>  #else
>  
>  SEC("socket")
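Review bot: store_release_with_invalid_reg() puts the invalid number only in the address operand, BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, 11 /* invalid reg */, BPF_REG_1, 0), so the value operand is always the valid BPF_REG_1. A second case with a valid address register and an invalid value register would show that both register fields of a store-release are range-checked before use. The test passes on __msg("R11 is invalid") alone, so if the literal is raised as suggested in the reply, __description() and __msg() need the matching register name.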


