www.infradead.org Git - users/dwmw2/linux.git/commit

author	Kumar Kartikeya Dwivedi <memxor@gmail.com>
	Sat, 19 Mar 2022 08:08:23 +0000 (13:38 +0530)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 6 Jun 2022 06:49:00 +0000 (08:49 +0200)
commit	4caf12e7c81d96acfa268c8e44c721a8f036f52c
tree	069c6c959a2022d7eb61b9cc98c59039f8c7be29	tree
parent	717c39718dbc4f7ebcbb7b625fb11851cd9007fe	commit \| diff

bpf: Do write access check for kfunc and global func

commit be77354a3d7ebd4897ee18eca26dca6df9224c76 upstream.

When passing pointer to some map value to kfunc or global func, in
verifier we are passing meta as NULL to various functions, which uses
meta->raw_mode to check whether memory is being written to. Since some
kfunc or global funcs may also write to memory pointers they receive as
arguments, we must check for write access to memory. E.g. in some case
map may be read only and this will be missed by current checks.

However meta->raw_mode allows for uninitialized memory (e.g. on stack),
since there is not enough info available through BTF, we must perform
one call for read access (raw_mode = false), and one for write access
(raw_mode = true).

Fixes: e5069b9c23b3 ("bpf: Support pointers in global func args")
Fixes: d583691c47dc ("bpf: Introduce mem, size argument pair support for kfunc")
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220319080827.73251-2-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>