patches for DPDK stable branches
 help / color / Atom feed
From: Kevin Traynor <ktraynor@redhat.com>
To: Konstantin Ananyev <konstantin.ananyev@intel.com>
Cc: Michel Machado <michel@digirati.com.br>, dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'bpf: fix validate for function return value' has been queued to LTS release 18.11.3
Date: Fri, 23 Aug 2019 10:43:28 +0100
Message-ID: <20190823094336.12078-38-ktraynor@redhat.com> (raw)
In-Reply-To: <20190823094336.12078-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/28/19. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/68d2a7f08c1b355a9295ba22a31f9aeb26da2c83

Thanks.

Kevin Traynor

---
From 68d2a7f08c1b355a9295ba22a31f9aeb26da2c83 Mon Sep 17 00:00:00 2001
From: Konstantin Ananyev <konstantin.ananyev@intel.com>
Date: Wed, 3 Jul 2019 14:40:34 +0100
Subject: [PATCH] bpf: fix validate for function return value

[ upstream commit 4715bb162368cf75c5e8db62f54b5071b70d68f3 ]

eval_call() blindly calls eval_max_bound() for external function
return value for all return types.
That causes wrong estimation for returned pointer min and max boundaries.
So any attempt to dereference that pointer value causes verifier to fail
with error message: "memory boundary violation at pc: ...".
To fix - estimate min/max boundaries based on the return value type.

Bugzilla ID: 298

Fixes: 8021917293d0 ("bpf: add extra validation for input BPF program")

Reported-by: Michel Machado <michel@digirati.com.br>
Suggested-by: Michel Machado <michel@digirati.com.br>
Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_bpf/bpf_validate.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/librte_bpf/bpf_validate.c b/lib/librte_bpf/bpf_validate.c
index d0e683b5b..0cf41fa27 100644
--- a/lib/librte_bpf/bpf_validate.c
+++ b/lib/librte_bpf/bpf_validate.c
@@ -926,5 +926,4 @@ static const char *
 eval_call(struct bpf_verifier *bvf, const struct ebpf_insn *ins)
 {
-	uint64_t msk;
 	uint32_t i, idx;
 	struct bpf_reg_val *rv;
@@ -959,8 +958,9 @@ eval_call(struct bpf_verifier *bvf, const struct ebpf_insn *ins)
 	rv = bvf->evst->rv + EBPF_REG_0;
 	rv->v = xsym->func.ret;
-	msk = (rv->v.type == RTE_BPF_ARG_RAW) ?
-		RTE_LEN2MASK(rv->v.size * CHAR_BIT, uint64_t) : UINTPTR_MAX;
-	eval_max_bound(rv, msk);
-	rv->mask = msk;
+	if (rv->v.type == RTE_BPF_ARG_RAW)
+		eval_fill_max_bound(rv,
+			RTE_LEN2MASK(rv->v.size * CHAR_BIT, uint64_t));
+	else if (RTE_BPF_ARG_PTR_TYPE(rv->v.type) != 0)
+		eval_fill_imm64(rv, UINTPTR_MAX, 0);
 
 	return err;
-- 
2.20.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2019-08-22 19:38:22.921956273 +0100
+++ 0038-bpf-fix-validate-for-function-return-value.patch	2019-08-22 19:38:20.469026117 +0100
@@ -1 +1 @@
-From 4715bb162368cf75c5e8db62f54b5071b70d68f3 Mon Sep 17 00:00:00 2001
+From 68d2a7f08c1b355a9295ba22a31f9aeb26da2c83 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit 4715bb162368cf75c5e8db62f54b5071b70d68f3 ]
+
@@ -16 +17,0 @@
-Cc: stable@dpdk.org

  parent reply index

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-23  9:42 [dpdk-stable] patch 'net/bnx2x: fix warnings from invalid assert' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'net/qede: " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'eal: correct log for alarm error' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'eal/linux: fix return after alarm registration failure' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'kernel/freebsd: fix module build on latest head' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'kernel/linux: fix modules install path' " Kevin Traynor
2019-08-23 10:04   ` Igor Ryzhov
2019-08-23  9:42 ` [dpdk-stable] patch 'ip_frag: fix IPv6 fragment size calculation' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'test/hash: fix off-by-one check on core count' " Kevin Traynor
2019-08-23  9:42 ` [dpdk-stable] patch 'test/hash: rectify slave id to point to valid cores' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'bus/vmbus: skip non-network devices' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'bpf: fix check array size' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'eal: hide internal hotplug function' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'vfio: remove incorrect experimental tag' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'mem: remove incorrect experimental tag on static symbol' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'telemetry: add missing header include' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'eal: fix positive error codes from probe/remove' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/bnx2x: fix invalid free on unplug' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'drivers/net: fix double free on init failure' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net: fix encapsulation markers for inner L3 offset' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/mlx5: fix 32-bit build' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/netvsc: fix RSS offload settings' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/netvsc: fix xstats id' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/netvsc: fix xstats for VF device' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'doc: fix typos in flow API guide' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net: fix how L4 checksum choice is tested' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'eal/freebsd: fix init completion' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'raw/skeleton: fix test of attribute set/get' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'examples/l3fwd-vf: remove unused Rx/Tx configuration' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'doc: remove useless Rx configuration in l2fwd guide' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'test: add rawdev autotest to meson' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'event/dpaa2: fix timeout ticks' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'eventdev: fix doxygen comment' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'app/eventdev: fix order test port creation' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'test/eventdev: fix producer core validity checks' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'net/mvneta: fix ierror statistics' " Kevin Traynor
2019-08-25 11:41   ` [dpdk-stable] [EXT] " Liron Himi
2019-08-23  9:43 ` [dpdk-stable] patch 'net: fix definition of IPv6 traffic class mask' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'examples: fix pkg-config detection with older make' " Kevin Traynor
2019-08-23  9:43 ` Kevin Traynor [this message]
2019-08-23  9:43 ` [dpdk-stable] patch 'raw/ifpga/base: fix use of untrusted scalar value' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'raw/ifpga/base: fix physical address info' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'usertools: fix refresh binding infos' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'doc: add a note for multi-process in mempool guide' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'table: fix crash in LPM IPv6' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'test: fix autotest crash' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'telemetry: fix build' " Kevin Traynor
2019-08-23  9:43 ` [dpdk-stable] patch 'app/testpmd: fix offloads config' " Kevin Traynor
2019-08-23  9:59   ` Kevin Traynor
2019-09-04 17:44     ` Kevin Traynor
2019-09-05  2:14       ` Zhao1, Wei
2019-09-11 14:46         ` Kevin Traynor
2019-09-13  9:27           ` Iremonger, Bernard

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190823094336.12078-38-ktraynor@redhat.com \
    --to=ktraynor@redhat.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=michel@digirati.com.br \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

patches for DPDK stable branches

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \
		stable@dpdk.org
	public-inbox-index stable


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.stable


AGPL code for this site: git clone https://public-inbox.org/ public-inbox