!1337 [sync] PR-1335: bpf: Fix incorrect verifier pruning due to missing register precision taints

Merge Pull Request from: @openeuler-sync-bot Origin pull request: https://gitee.com/openeuler/kernel/pulls/1335 PR sync from: Pu Lehui <pulehui@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/U3JJGUSJTF5PH22SUDWUTPBSGUN6AUFJ/ Link:https://gitee.com/openeuler/kernel/pulls/1337 Reviewed-by: Xu Kuohai <xukuohai@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

!1337 [sync] PR-1335: bpf: Fix incorrect verifier pruning due to missing register precision taints
Merge Pull Request from: @openeuler-sync-bot Origin pull request: https://gitee.com/openeuler/kernel/pulls/1335 PR sync from: Pu Lehui <pulehui@huawei.com> https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/U3JJGUSJTF5PH22SUDWUTPBSGUN6AUFJ/ Link:https://gitee.com/openeuler/kernel/pulls/1337 Reviewed-by: Xu Kuohai <xukuohai@huawei.com> Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
c47d45df · openeuler-ci-bot · Gitee · 10c9fe8d · a1b310b4 · c47d45df
隐藏空白更改
内联并排

Showing with 15 addition and 0 deletion

kernel/bpf/verifier.c kernel/bpf/verifier.c +15 -0

未找到文件。
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1922,6 +1922,21 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx,
 			}
 		} else if (opcode == BPF_EXIT) {
 			return -ENOTSUPP;
+		} else if (BPF_SRC(insn->code) == BPF_X) {
+			if (!(*reg_mask & (dreg | sreg)))
+				return 0;
+			/* dreg <cond> sreg
+			 * Both dreg and sreg need precision before
+			 * this insn. If only sreg was marked precise
+			 * before it would be equally necessary to
+			 * propagate it to dreg.
+			 */
+			*reg_mask |= (sreg | dreg);
+			 /* else dreg <cond> K
+			  * Only dreg still needs precision before
+			  * this insn, so for the K-based conditional
+			  * there is nothing new to be marked.
+			  */
 		}
 	} else if (class == BPF_LD) {
 		if (!(*reg_mask & dreg))