Re: [PATCH 1/3] bpf: verifier: Accept dynptr mem as mem in helpers
From: Andrii Nakryiko
Date: Thu Apr 06 2023 - 16:55:41 EST
On Wed, Apr 5, 2023 at 5:40 PM Daniel Rosenberg <drosen@xxxxxxxxxx> wrote:
>
> This allows using memory retrieved from dynptrs with helper functions
> that accept ARG_PTR_TO_MEM. For instance, results from bpf_dynptr_data
> can be passed along to bpf_strncmp.
>
> Signed-off-by: Daniel Rosenberg <drosen@xxxxxxxxxx>
> ---
I think patches like this should be targeted against bpf-next, so for
next revision please send them against bpf-next tree.
> kernel/bpf/verifier.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 56f569811f70..20beab52812a 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -7164,12 +7164,16 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,
> * ARG_PTR_TO_MEM + MAYBE_NULL is compatible with PTR_TO_MEM and PTR_TO_MEM + MAYBE_NULL,
> * but ARG_PTR_TO_MEM is compatible only with PTR_TO_MEM but NOT with PTR_TO_MEM + MAYBE_NULL
> *
> + * ARG_PTR_TO_MEM is compatible with PTR_TO_MEM that is tagged with a dynptr type.
> + *
> * Therefore we fold these flags depending on the arg_type before comparison.
> */
> if (arg_type & MEM_RDONLY)
> type &= ~MEM_RDONLY;
> if (arg_type & PTR_MAYBE_NULL)
> type &= ~PTR_MAYBE_NULL;
> + if (base_type(arg_type) == ARG_PTR_TO_MEM)
> + type &= ~DYNPTR_TYPE_FLAG_MASK;
Something feels off here. Can you paste a bit of verifier log for the
failure you were getting. And let's have a selftest for this situation
as well.
ARG_PTR_TO_MEM shouldn't be qualified with the DYNPTR_TYPE flag, it's
just memory, there is no need to know what type of dynptr it was
derived from. So if that happens, the problem is somewhere else. Let's
root cause and fix that. Having a selftest that demonstrates the
problem will help with that.
>
> if (meta->func_id == BPF_FUNC_kptr_xchg && type & MEM_ALLOC)
> type &= ~MEM_ALLOC;
> --
> 2.40.0.577.gac1e443424-goog
>