Commit 634233ba authored by Daniel Borkmann, committed by Xiaomeng Zhang

selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test

mainline inclusion
from mainline-v6.12-rc1
commit b8e188f023e07a733b47d5865311ade51878fe40
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQOP
CVE: CVE-2024-49861

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b8e188f023e0



--------------------------------

The assumption of 'in privileged mode reads from uninitialized stack locations
are permitted' is not quite correct since the verifier was probing for read
access rather than write access. Both tests need to be annotated as __success
for privileged and unprivileged.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20240913191754.13290-6-daniel@iogearbox.net


Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Conflicts:
	tools/testing/selftests/bpf/verifier/int_ptr.c
	tools/testing/selftests/bpf/progs/verifier_int_ptr.c
[The conflicts were due to test files changed]
Signed-off-by: Xiaomeng Zhang <zhangxiaomeng13@huawei.com>
parent 720f0587
+1 −6
{
	"ARG_PTR_TO_LONG uninitialized",
	"ARG_PTR_TO_LONG uninitialized"
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
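Review bot: The second test-name line, `"ARG_PTR_TO_LONG uninitialized"`, has no trailing comma before `.insns = {`, unlike the line directly above it. The page has lost its +/- markers, but the summary shows a single added line, and if this is it the struct initializer no longer parses. Restore the comma so the description string is separated from the `.insns` designator.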
@@ -27,8 +27,6 @@
	},
	.result = ACCEPT,
	.retval = POINTER_VALUE,
	.errstr_unpriv = "invalid indirect read from stack R4 off -16+0 size 8",
	.result_unpriv = REJECT,
},
{
	"ARG_PTR_TO_LONG half-uninitialized",
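Review bot: Once `.errstr_unpriv` and `.result_unpriv = REJECT` are gone, the "ARG_PTR_TO_LONG uninitialized" entry keeps only `.result = ACCEPT` and `.retval = POINTER_VALUE`, with nothing at that spot saying the acceptance is meant for unprivileged loads too. A one-line comment next to `.result = ACCEPT` stating that the expectation covers both privileged and unprivileged, with the reason given in the commit message, would keep a later reader from re-adding the unprivileged rejection.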
@@ -58,9 +56,6 @@
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
	},
	.result_unpriv = REJECT,
	.errstr_unpriv = "invalid indirect read from stack R4 off -16+4 size 8",
	/* in privileged mode reads from uninitialized stack locations are permitted */
	.result = ACCEPT,
},
{
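Review bot: The commit message says both tests need to be annotated as `__success`, but the half-uninitialized entry here is in the table format and expresses that through `.result = ACCEPT` with `.result_unpriv` and `.errstr_unpriv` removed. The bracketed conflict note should say that the upstream annotation change was adapted to the `.result`/`.result_unpriv` fields in `tools/testing/selftests/bpf/verifier/int_ptr.c`, so the mapping between the upstream commit and this backport is clear. Removing the "in privileged mode reads from uninitialized stack locations are permitted" comment together with the unprivileged fields is right, since the message calls that assumption not quite correct.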