Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/kernel
History
Hao Sun 1ad328d2ed bpf: Fix check_stack_write_fixed_off() to correctly spill imm 
commit 811c363645b33e6e22658634329e95f383dfc705 upstream.

In check_stack_write_fixed_off(), imm value is cast to u32 before being
spilled to the stack. Therefore, the sign information is lost, and the
range information is incorrect when load from the stack again.

For the following prog:
0: r2 = r10
1: *(u64*)(r2 -40) = -44
2: r0 = *(u64*)(r2 - 40)
3: if r0 s<= 0xa goto +2
4: r0 = 1
5: exit
6: r0  = 0
7: exit

The verifier gives:
func#0 @0
0: R1=ctx(off=0,imm=0) R10=fp0
0: (bf) r2 = r10                      ; R2_w=fp0 R10=fp0
1: (7a) *(u64 *)(r2 -40) = -44        ; R2_w=fp0 fp-40_w=4294967252
2: (79) r0 = *(u64 *)(r2 -40)         ; R0_w=4294967252 R2_w=fp0
fp-40_w=4294967252
3: (c5) if r0 s< 0xa goto pc+2
mark_precise: frame0: last_idx 3 first_idx 0 subseq_idx -1
mark_precise: frame0: regs=r0 stack= before 2: (79) r0 = *(u64 *)(r2 -40)
3: R0_w=4294967252
4: (b7) r0 = 1                        ; R0_w=1
5: (95) exit
verification time 7971 usec
stack depth 40
processed 6 insns (limit 1000000) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0

So remove the incorrect cast, since imm field is declared as s32, and
__mark_reg_known() takes u64, so imm would be correctly sign extended
by compiler.

Fixes: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction")
Cc: stable@vger.kernel.org
Signed-off-by: Hao Sun <sunhao.th@gmail.com>
Acked-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20231101-fix-check-stack-write-v3-1-f05c2b1473d5@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-18 11:43:20 +01:00
..
bpf bpf: Fix check_stack_write_fixed_off() to correctly spill imm 2024-11-18 11:43:20 +01:00
cgroup cgroup: Remove duplicates in cgroup v1 tasks file 2024-11-08 11:25:51 +01:00
configs Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
debug kgdb: Flush console before entering kgdb on panic 2024-11-18 11:43:15 +01:00
dma Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
entry Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
events perf/core: Bail out early if the request AUX area is out of bound 2024-11-18 11:43:11 +01:00
futex futex: Don't include process MM in futex key on no-MMU 2024-11-18 11:42:47 +01:00
gcov Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irq genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() 2024-11-18 11:42:47 +01:00
kcsan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
livepatch livepatch: Fix missing newline character in klp_resolve_symbols() 2024-11-18 11:43:05 +01:00
locking locking/ww_mutex/test: Fix potential workqueue corruption 2024-11-18 11:43:11 +01:00
power Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
printk printk: Don't allow userspace to write to /dev/kmsg 2024-11-17 17:43:00 +01:00
rcu rcu_boost: always without delay 2024-11-17 17:37:56 +01:00
sched Revert "kernel: ems/ego: Allow CPU frequency changes to be amended before they're set" 2024-11-18 07:48:15 +01:00
time Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
trace tracing/kprobes: Fix the order of argument descriptions 2024-11-18 11:43:11 +01:00
acct.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
async.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
audit.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
audit.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
audit_fsnotify.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
audit_tree.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
audit_watch.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
auditfilter.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
auditsc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
backtracetest.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bounds.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
capability.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cfi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
compat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
configs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
context_tracking.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cpu.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cpu_pm.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crash_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
crash_dump.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cred.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
delayacct.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dma.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
exec_domain.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
exit.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
extable.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fail_function.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
fork.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
freezer.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
gen_kheaders.sh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
groups.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
hung_task.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
iomem.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
irq_work.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
jump_label.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kallsyms.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kcmp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig.freezer Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig.hz Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig.locks Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig.preempt Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kcov.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kexec.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kexec_core.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kexec_elf.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kexec_file.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kexec_internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kheaders.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kmod.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kprobes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ksysfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
kthread.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
latencytop.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile kernel: Use the stock defconfig for /proc/config.gz 2024-06-15 16:20:14 -03:00
module-internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
module.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
module_signature.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
module_signing.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
notifier.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nsproxy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
padata.c crypto: pcrypt - Fix hungtask for PADATA_RESET 2024-11-18 11:43:13 +01:00
panic.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
params.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pid.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
pid_namespace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
profile.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ptrace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
range.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
reboot.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
regset.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
relay.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
resource.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rseq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scftorture.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
scs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
seccomp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
signal.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smp.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smpboot.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smpboot.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
softirq.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stackleak.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stacktrace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
static_call.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
stop_machine.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sys.c f2fs: Add support for reporting a fake kernel version to fsck 2024-11-17 17:43:26 +01:00
sys_ni.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysctl-test.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sysctl.c drivers: usb: add toggle for disabling newly added USB devices 2024-10-04 20:09:29 -03:00
task_work.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
taskstats.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
test_kprobes.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
torture.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tracepoint.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tsacct.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ucount.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uid16.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
uid16.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
umh.c security: samsung: defex_lsm: nuke 2024-06-15 16:20:49 -03:00
up.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
user-return-notifier.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
user.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
user_namespace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
usermode_driver.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
utsname.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
utsname_sysctl.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watch_queue.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watchdog.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
watchdog_hld.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
workqueue.c kernel: workqueue.c: Fix -Werror,-Wimplicit-function-declaration 2024-11-17 19:41:51 +01:00
workqueue_internal.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00