
Commit bc6bddd

committed
fix: msan
1 parent 5015f7c commit bc6bddd

3 files changed

Lines changed: 22 additions & 18 deletions


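--- a/kernel/bpf/ir/kernpass/masking_dupload.c
+++ b/kernel/bpf/ir/kernpass/masking_dupload.c
@@ -86,6 +86,6 @@ static bool check_run(int err)
 return err >= BPF_VERIFIER_ERR_41 && err <= BPF_VERIFIER_ERR_44;
 }
 
-const struct custom_pass_cfg bpf_ir_kern_masking_pass =
+const struct custom_pass_cfg bpf_ir_kern_masking_pass_dup1 =
 DEF_CUSTOM_PASS(DEF_FUNC_PASS(masking_pass, "masking_dupload", false),
 check_run, NULL, NULL);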

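--- a/kernel/bpf/ir_kern.c
+++ b/kernel/bpf/ir_kern.c
@@ -220,7 +220,7 @@ int bpf_ir_kern_run(struct bpf_prog **prog_ptr, union bpf_attr *attr,
 }
 
 // Run the verifier the last time to check if the program is valid
-err = bpf_check(prog_ptr, attr, uattr, uattr_size, NULL);
+err = bpf_check(prog_ptr, attr, uattr, uattr_size, env);
 
 if (err) {
 // Not pass the verifier, abort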
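Review bot: The final `bpf_check` call now receives `env` instead of `NULL`, but the comment above it (`// Run the verifier the last time to check if the program is valid`) does not say that this run may be less strict than a plain verifier run. If this `env` is what verifier.c reads as `env->ir_env` (the plumbing is not visible in this hunk), the last validity check inherits every relaxation gated by `bpf_ir_builtin_pass_enabled`, such as the "msan" and "jmp_counter" exemptions touched in the same commit. I would extend the comment to something like `// Final verifier run; env is passed so checks relaxed for enabled builtin passes stay relaxed here, safety then depends on the pass instrumentation`. bpf_ir_kern_run starts and ends outside the hunk.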

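--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2134,7 +2134,8 @@ static struct bpf_verifier_state *push_stack(struct bpf_verifier_env *env,
 if (err)
 goto err;
 elem->st.speculative |= speculative;
-if (env->stack_size > BPF_COMPLEXITY_LIMIT_JMP_SEQ && !bpf_ir_builtin_pass_enabled(env->ir_env, "jmp_counter")) {
+if (env->stack_size > BPF_COMPLEXITY_LIMIT_JMP_SEQ &&
+!bpf_ir_builtin_pass_enabled(env->ir_env, "jmp_counter")) {
 verbose(env, "The sequence of %d jumps is too complex.\n",
 env->stack_size);
 goto err;
@@ -2673,7 +2674,8 @@ static struct bpf_verifier_state *push_async_cb(struct bpf_verifier_env *env,
 elem->log_pos = env->log.end_pos;
 env->head = elem;
 env->stack_size++;
-if (env->stack_size > BPF_COMPLEXITY_LIMIT_JMP_SEQ && !bpf_ir_builtin_pass_enabled(env->ir_env, "jmp_counter")) {
+if (env->stack_size > BPF_COMPLEXITY_LIMIT_JMP_SEQ &&
+!bpf_ir_builtin_pass_enabled(env->ir_env, "jmp_counter")) {
 verbose(env,
 "The sequence of %d jumps is too complex for async cb.\n",
 env->stack_size);
@@ -5964,7 +5966,7 @@ static int check_generic_ptr_alignment(struct bpf_verifier_env *env,
 return 0;
 
 reg_off = tnum_add(reg->var_off, tnum_const(reg->off + off));
-if (!tnum_is_aligned(reg_off, size)) {
+if (!tnum_is_aligned(reg_off, size) && !bpf_ir_builtin_pass_enabled(env->ir_env, "msan")) {
 char tn_buf[48];
 
 tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
@@ -6869,10 +6871,6 @@ static int check_stack_access_within_bounds(struct bpf_verifier_env *env,
 enum bpf_access_src src,
 enum bpf_access_type type)
 {
-if(bpf_ir_builtin_pass_enabled(env->ir_env, "msan")){
-// Do not check bound for our trusted program
-return 0;
-}
 struct bpf_reg_state *regs = cur_regs(env);
 struct bpf_reg_state *reg = regs + regno;
 struct bpf_func_state *state = func(env, reg);
@@ -6892,16 +6890,22 @@ static int check_stack_access_within_bounds(struct bpf_verifier_env *env,
 min_off = (s64)reg->var_off.value + off;
 max_off = min_off + access_size;
 } else {
-if (reg->smax_value >= BPF_MAX_VAR_OFF ||
-reg->smin_value <= -BPF_MAX_VAR_OFF) {
-verbose_err(
-86, env,
-"invalid unbounded variable-offset%s stack R%d\n",
-err_extra, regno);
-return -EACCES;
+if (bpf_ir_builtin_pass_enabled(env->ir_env, "msan")) {
+// Do not check bound for our trusted program
+min_off = off;
+max_off = off + access_size;
+} else {
+if (reg->smax_value >= BPF_MAX_VAR_OFF ||
+reg->smin_value <= -BPF_MAX_VAR_OFF) {
+verbose_err(
+86, env,
+"invalid unbounded variable-offset%s stack R%d\n",
+err_extra, regno);
+return -EACCES;
+}
+min_off = reg->smin_value + off;
+max_off = reg->smax_value + off + access_size;
 }
-min_off = reg->smin_value + off;
-max_off = reg->smax_value + off + access_size;
 }
 
 err = check_stack_slot_within_bounds(env, min_off, state, type);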
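Review bot: In the last hunk of check_stack_access_within_bounds, the new msan branch sets `min_off = off; max_off = off + access_size;`, so for a variable-offset stack pointer the range in `reg->smin_value`/`reg->smax_value` is never compared against the stack limits and the following `check_stack_slot_within_bounds` call only sees the constant part. The carried-over comment `// Do not check bound for our trusted program` no longer describes this; I would replace it with `/* msan: only the constant offset is checked here; the variable part of the register must be bounded by the msan pass's own instrumentation */` and document who may enable "msan", because if an untrusted loader can select that pass the verifier no longer bounds these accesses. The same question applies to the check_generic_ptr_alignment hunk, where the added `&& !bpf_ir_builtin_pass_enabled(env->ir_env, "msan")` suppresses the misalignment error for every pointer reaching that function, not only accesses the pass inserts. Code after the final `check_stack_slot_within_bounds` call is outside the hunk, so whether `min_off` later feeds stack-depth accounting should be confirmed.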
