linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 10:01:00 +00:00

No description

Find a file

Andrei Matei 6b4a64bafd bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since `6715df8d5`) but, before this patch, these accesses were permitted inconsistently. In particular, accesses were permitted above state->allocated_stack, but not below it. In other words, if the stack was already "large enough", the access was permitted, but otherwise the access was rejected instead of being allowed to "grow the stack". This undesired rejection was happening in two places: - in check_stack_slot_within_bounds() - in check_stack_range_initialized() This patch arranges for these accesses to be permitted. A bunch of tests that were relying on the old rejection had to change; all of them were changed to add also run unprivileged, in which case the old behavior persists. One tests couldn't be updated - global_func16 - because it can't run unprivileged for other reasons. This patch also fixes the tracking of the stack size for variable-offset reads. This second fix is bundled in the same commit as the first one because they're inter-related. Before this patch, writes to the stack using registers containing a variable offset (as opposed to registers with fixed, known values) were not properly contributing to the function's needed stack size. As a result, it was possible for a program to verify, but then to attempt to read out-of-bounds data at runtime because a too small stack had been allocated for it. Each function tracks the size of the stack it needs in bpf_subprog_info.stack_depth, which is maintained by update_stack_depth(). For regular memory accesses, check_mem_access() was calling update_state_depth() but it was passing in only the fixed part of the offset register, ignoring the variable offset. This was incorrect; the minimum possible value of that register should be used instead. This tracking is now fixed by centralizing the tracking of stack size in grow_stack_state(), and by lifting the calls to grow_stack_state() to check_stack_access_within_bounds() as suggested by Andrii. The code is now simpler and more convincingly tracks the correct maximum stack size. check_stack_range_initialized() can now rely on enough stack having been allocated for the access; this helps with the fix for the first issue. A few tests were changed to also check the stack depth computation. The one that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv. Fixes: `01f810ace9` ("bpf: Allow variable-offset stack access") Reported-by: Hao Sun <sunhao.th@gmail.com> Signed-off-by: Andrei Matei <andreimatei1@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20231208032519.260451-3-andreimatei1@gmail.com Closes: https://lore.kernel.org/bpf/CABWLsev9g8UP_c3a=1qbuZUi20tGoUXoU07FPf-5FLvhOKOY+Q@mail.gmail.com/		2023-12-08 14:19:00 -08:00
arch	x86, bpf: Use bpf_prog_pack for bpf trampoline	2023-12-06 17:17:21 -08:00
block	vfs-6.7-rc3.fixes	2023-11-24 09:45:40 -08:00
certs	This update includes the following changes:	2023-11-02 16:15:30 -10:00
crypto	This push fixes a regression in ahash and hides the Kconfig sub-options for the jitter RNG.	2023-11-09 17:04:58 -08:00
Documentation	xsk: Add missing SPDX to AF_XDP TX metadata documentation	2023-12-05 15:08:50 +01:00
drivers	bpf: take into account BPF token when fetching helper protos	2023-12-06 10:02:59 -08:00
fs	bpf, fsverity: Add kfunc bpf_get_fsverity_digest	2023-12-01 16:21:03 -08:00
include	bpf: Add some comments to stack representation	2023-12-08 14:19:00 -08:00
init	As usual, lots of singleton and doubleton patches all over the tree and	2023-11-02 20:53:31 -10:00
io_uring	io_uring: fix off-by one bvec index	2023-11-20 15:21:38 -07:00
ipc	Many singleton patches against the MM code. The patch series which are	2023-11-02 19:38:47 -10:00
kernel	bpf: Fix accesses to uninit stack slots	2023-12-08 14:19:00 -08:00
lib	bpf-next-for-netdev	2023-11-30 16:58:42 -08:00
LICENSES	LICENSES: Add the copyleft-next-0.3.1 license	2022-11-08 15:44:01 +01:00
mm	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-11-30 16:11:19 -08:00
net	bpf: Add helpers for trampoline image management	2023-12-06 17:17:20 -08:00
rust	Kbuild updates for v6.7	2023-11-04 08:07:19 -10:00
samples	Landlock updates for v6.7-rc1	2023-11-03 09:28:53 -10:00
scripts	scripts/checkstack.pl: match all stack sizes for s390	2023-11-22 15:06:23 +01:00
security	bpf,selinux: allocate bpf_security_struct per BPF token	2023-12-06 10:03:00 -08:00
sound	sound fixes for 6.7-rc2	2023-11-17 09:05:31 -05:00
tools	bpf: Fix accesses to uninit stack slots	2023-12-08 14:19:00 -08:00
usr	arch: Remove Itanium (IA-64) architecture	2023-09-11 08:13:17 +00:00
virt	ARM:	2023-09-07 13:52:20 -07:00
.clang-format	iommu: Add for_each_group_device()	2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore	get_maintainer: add Alan to .get_maintainer.ignore	2022-08-20 15:17:44 -07:00
.gitattributes	.gitattributes: set diff driver for Rust source code files	2023-05-31 17:48:25 +02:00
.gitignore	kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/	2023-10-03 20:49:09 +09:00
.mailmap	As usual, lots of singleton and doubleton patches all over the tree and	2023-11-02 20:53:31 -10:00
.rustfmt.toml	rust: add `.rustfmt.toml`	2022-09-28 09:02:20 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	USB: Remove Wireless USB and UWB documentation	2023-08-09 14:17:32 +02:00
Kbuild	Kbuild updates for v6.1	2022-10-10 12:00:45 -07:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2023-11-30 16:11:19 -08:00
Makefile	Linux 6.7-rc3	2023-11-26 19:59:33 -08:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.