[bpf] bpf: Fix modifier skipping logic

Message ID	20200201000314.261392-1-ast@kernel.org
State	Accepted
Delegated to:	BPF Maintainers
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Smtp-Origin-Hostprefix: devbig From: Alexei Starovoitov <ast@kernel.org> Smtp-Origin-Hostname: devbig007.ftw2.facebook.com To: <davem@davemloft.net> CC: <daniel@iogearbox.net>, <netdev@vger.kernel.org>, <bpf@vger.kernel.org>, <kernel-team@fb.com> Smtp-Origin-Cluster: ftw2c04 Subject: [PATCH bpf] bpf: Fix modifier skipping logic Date: Fri, 31 Jan 2020 16:03:14 -0800 Message-ID: <20200201000314.261392-1-ast@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8BIT Content-Type: text/plain Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	[bpf] bpf: Fix modifier skipping logic \| expand [bpf] bpf: Fix modifier skipping logic

Message ID

20200201000314.261392-1-ast@kernel.org

State

Accepted

Delegated to:

BPF Maintainers

Headers

Smtp-Origin-Hostprefix: devbig
From: Alexei Starovoitov <ast@kernel.org>
Smtp-Origin-Hostname: devbig007.ftw2.facebook.com
To: <davem@davemloft.net>
CC: <daniel@iogearbox.net>, <netdev@vger.kernel.org>,
	<bpf@vger.kernel.org>, <kernel-team@fb.com>
Smtp-Origin-Cluster: ftw2c04
Subject: [PATCH bpf] bpf: Fix modifier skipping logic
Date: Fri, 31 Jan 2020 16:03:14 -0800
Message-ID: <20200201000314.261392-1-ast@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8BIT
Content-Type: text/plain
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

[bpf] bpf: Fix modifier skipping logic | expand

Commit Message

Alexei Starovoitov Feb. 1, 2020, 12:03 a.m. UTC

Fix the way modifiers are skipped while walking pointers. Otherwise second
level dereferences of 'const struct foo *' will be rejected by the verifier.

Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
---
 kernel/bpf/btf.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

Comments

Yonghong Song Feb. 1, 2020, 12:46 a.m. UTC | #1

On 1/31/20 4:03 PM, Alexei Starovoitov wrote:
> Fix the way modifiers are skipped while walking pointers. Otherwise second
> level dereferences of 'const struct foo *' will be rejected by the verifier.
> 
> Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF")
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Acked-by: Yonghong Song <yhs@fb.com>

Daniel Borkmann Feb. 3, 2020, 11:10 p.m. UTC | #2

On 2/1/20 1:03 AM, Alexei Starovoitov wrote:
> Fix the way modifiers are skipped while walking pointers. Otherwise second
> level dereferences of 'const struct foo *' will be rejected by the verifier.
> 
> Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF")
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Applied, thanks!

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index b7c1660fb594..a289f2915ba8 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -3931,6 +3931,7 @@  int btf_struct_access(struct bpf_verifier_log *log,
 
 		if (btf_type_is_ptr(mtype)) {
 			const struct btf_type *stype;
+			u32 id;
 
 			if (msize != size || off != moff) {
 				bpf_log(log,
@@ -3939,12 +3940,9 @@  int btf_struct_access(struct bpf_verifier_log *log,
 				return -EACCES;
 			}
 
-			stype = btf_type_by_id(btf_vmlinux, mtype->type);
-			/* skip modifiers */
-			while (btf_type_is_modifier(stype))
-				stype = btf_type_by_id(btf_vmlinux, stype->type);
+			stype = btf_type_skip_modifiers(btf_vmlinux, mtype->type, &id);
 			if (btf_type_is_struct(stype)) {
-				*next_btf_id = mtype->type;
+				*next_btf_id = id;
 				return PTR_TO_BTF_ID;
 			}
 		}

[bpf] bpf: Fix modifier skipping logic

Commit Message

Comments

Patch