| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220108022212.962-1-yichun@openresty.com>
Date: Fri, 7 Jan 2022 18:22:12 -0800
From: "Yichun Zhang (agentzh)" <yichun@...nresty.com>
To: yichun@...nresty.com
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
netdev@...r.kernel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: [PATCH] bpf: btf: Fix a var size check in validator
The btf validator should croak when the variable size is larger than
its type size, not less. The LLVM optimizer may use smaller sizes for
the C type.
We ran into this issue with real-world BPF programs emitted by the
latest version of Clang/LLVM.
Fixes: 1dc92851849cc ("bpf: kernel side support for BTF Var and DataSec")
Signed-off-by: Yichun Zhang (agentzh) <yichun@...nresty.com>
---
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 9bdb03767db5..2a6967b13ce1 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -3696,7 +3696,7 @@ static int btf_datasec_resolve(struct btf_verifier_env *env,
return -EINVAL;
}
- if (vsi->size < type_size) {
+ if (vsi->size > type_size) {
btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
return -EINVAL;
}
--
2.17.2
Powered by blists - more mailing lists