Re: [PATCH] bpf: btf: Fix a var size check in validator

From: Yonghong Song
Date: Sat Jan 08 2022 - 13:54:27 EST

Next message: David Heidelberg: "Re: [PATCH] dt-bindings: mfd: syscon: Add Qualcomm TCSR registers"
Previous message: David Heidelberg: "[PATCH v3] dt-bindings: iommu: Convert msm,iommu-v0 to yaml"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/7/22 6:22 PM, Yichun Zhang (agentzh) wrote:

The btf validator should croak when the variable size is larger than
its type size, not less. The LLVM optimizer may use smaller sizes for
the C type.

We ran into this issue with real-world BPF programs emitted by the
latest version of Clang/LLVM.

Could you give an example to show we have variable size is less than type_size?

Fixes: 1dc92851849cc ("bpf: kernel side support for BTF Var and DataSec")
Signed-off-by: Yichun Zhang (agentzh) <yichun@xxxxxxxxxxxxx>
---
kernel/bpf/btf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 9bdb03767db5..2a6967b13ce1 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -3696,7 +3696,7 @@ static int btf_datasec_resolve(struct btf_verifier_env *env,
return -EINVAL;
}
- if (vsi->size < type_size) {
+ if (vsi->size > type_size) {
btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
return -EINVAL;
}

The fix is incorrect. We do have cases where variable size greater than type_size. For example,

$ cat t.c
struct t {
int g;
char a[];
} v = {1, {'a', 'b', 'c', 0}};

The type (struct t) size is 4, but the variable size is 8.

Next message: David Heidelberg: "Re: [PATCH] dt-bindings: mfd: syscon: Add Qualcomm TCSR registers"
Previous message: David Heidelberg: "[PATCH v3] dt-bindings: iommu: Convert msm,iommu-v0 to yaml"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]