Contents of /trunk/kernel-alx/patches-5.4/0215-5.4.116-all-fixes.patch
Parent Directory | Revision Log
Revision 3637 -
(show annotations)
(download)
Mon Oct 24 12:40:44 2022 UTC (20 months ago) by niro
File size: 19926 byte(s)
Mon Oct 24 12:40:44 2022 UTC (20 months ago) by niro
File size: 19926 byte(s)
-add missing
1 | diff --git a/Makefile b/Makefile |
2 | index f473f4fe5a0c3..cb1a446f832c0 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,7 +1,7 @@ |
6 | # SPDX-License-Identifier: GPL-2.0 |
7 | VERSION = 5 |
8 | PATCHLEVEL = 4 |
9 | -SUBLEVEL = 115 |
10 | +SUBLEVEL = 116 |
11 | EXTRAVERSION = |
12 | NAME = Kleptomaniac Octopus |
13 | |
14 | diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c |
15 | index ab2a4b7dfca57..bc439dcd438f1 100644 |
16 | --- a/kernel/bpf/verifier.c |
17 | +++ b/kernel/bpf/verifier.c |
18 | @@ -4263,40 +4263,51 @@ static struct bpf_insn_aux_data *cur_aux(struct bpf_verifier_env *env) |
19 | return &env->insn_aux_data[env->insn_idx]; |
20 | } |
21 | |
22 | +enum { |
23 | + REASON_BOUNDS = -1, |
24 | + REASON_TYPE = -2, |
25 | + REASON_PATHS = -3, |
26 | + REASON_LIMIT = -4, |
27 | + REASON_STACK = -5, |
28 | +}; |
29 | + |
30 | static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg, |
31 | - u32 *ptr_limit, u8 opcode, bool off_is_neg) |
32 | + const struct bpf_reg_state *off_reg, |
33 | + u32 *alu_limit, u8 opcode) |
34 | { |
35 | + bool off_is_neg = off_reg->smin_value < 0; |
36 | bool mask_to_left = (opcode == BPF_ADD && off_is_neg) || |
37 | (opcode == BPF_SUB && !off_is_neg); |
38 | - u32 off, max; |
39 | + u32 max = 0, ptr_limit = 0; |
40 | + |
41 | + if (!tnum_is_const(off_reg->var_off) && |
42 | + (off_reg->smin_value < 0) != (off_reg->smax_value < 0)) |
43 | + return REASON_BOUNDS; |
44 | |
45 | switch (ptr_reg->type) { |
46 | case PTR_TO_STACK: |
47 | /* Offset 0 is out-of-bounds, but acceptable start for the |
48 | - * left direction, see BPF_REG_FP. |
49 | + * left direction, see BPF_REG_FP. Also, unknown scalar |
50 | + * offset where we would need to deal with min/max bounds is |
51 | + * currently prohibited for unprivileged. |
52 | */ |
53 | max = MAX_BPF_STACK + mask_to_left; |
54 | - /* Indirect variable offset stack access is prohibited in |
55 | - * unprivileged mode so it's not handled here. |
56 | - */ |
57 | - off = ptr_reg->off + ptr_reg->var_off.value; |
58 | - if (mask_to_left) |
59 | - *ptr_limit = MAX_BPF_STACK + off; |
60 | - else |
61 | - *ptr_limit = -off - 1; |
62 | - return *ptr_limit >= max ? -ERANGE : 0; |
63 | + ptr_limit = -(ptr_reg->var_off.value + ptr_reg->off); |
64 | + break; |
65 | case PTR_TO_MAP_VALUE: |
66 | max = ptr_reg->map_ptr->value_size; |
67 | - if (mask_to_left) { |
68 | - *ptr_limit = ptr_reg->umax_value + ptr_reg->off; |
69 | - } else { |
70 | - off = ptr_reg->smin_value + ptr_reg->off; |
71 | - *ptr_limit = ptr_reg->map_ptr->value_size - off - 1; |
72 | - } |
73 | - return *ptr_limit >= max ? -ERANGE : 0; |
74 | + ptr_limit = (mask_to_left ? |
75 | + ptr_reg->smin_value : |
76 | + ptr_reg->umax_value) + ptr_reg->off; |
77 | + break; |
78 | default: |
79 | - return -EINVAL; |
80 | + return REASON_TYPE; |
81 | } |
82 | + |
83 | + if (ptr_limit >= max) |
84 | + return REASON_LIMIT; |
85 | + *alu_limit = ptr_limit; |
86 | + return 0; |
87 | } |
88 | |
89 | static bool can_skip_alu_sanitation(const struct bpf_verifier_env *env, |
90 | @@ -4314,7 +4325,7 @@ static int update_alu_sanitation_state(struct bpf_insn_aux_data *aux, |
91 | if (aux->alu_state && |
92 | (aux->alu_state != alu_state || |
93 | aux->alu_limit != alu_limit)) |
94 | - return -EACCES; |
95 | + return REASON_PATHS; |
96 | |
97 | /* Corresponding fixup done in fixup_bpf_calls(). */ |
98 | aux->alu_state = alu_state; |
99 | @@ -4333,14 +4344,22 @@ static int sanitize_val_alu(struct bpf_verifier_env *env, |
100 | return update_alu_sanitation_state(aux, BPF_ALU_NON_POINTER, 0); |
101 | } |
102 | |
103 | +static bool sanitize_needed(u8 opcode) |
104 | +{ |
105 | + return opcode == BPF_ADD || opcode == BPF_SUB; |
106 | +} |
107 | + |
108 | static int sanitize_ptr_alu(struct bpf_verifier_env *env, |
109 | struct bpf_insn *insn, |
110 | const struct bpf_reg_state *ptr_reg, |
111 | + const struct bpf_reg_state *off_reg, |
112 | struct bpf_reg_state *dst_reg, |
113 | - bool off_is_neg) |
114 | + struct bpf_insn_aux_data *tmp_aux, |
115 | + const bool commit_window) |
116 | { |
117 | + struct bpf_insn_aux_data *aux = commit_window ? cur_aux(env) : tmp_aux; |
118 | struct bpf_verifier_state *vstate = env->cur_state; |
119 | - struct bpf_insn_aux_data *aux = cur_aux(env); |
120 | + bool off_is_neg = off_reg->smin_value < 0; |
121 | bool ptr_is_dst_reg = ptr_reg == dst_reg; |
122 | u8 opcode = BPF_OP(insn->code); |
123 | u32 alu_state, alu_limit; |
124 | @@ -4358,18 +4377,33 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env, |
125 | if (vstate->speculative) |
126 | goto do_sim; |
127 | |
128 | - alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; |
129 | - alu_state |= ptr_is_dst_reg ? |
130 | - BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; |
131 | - |
132 | - err = retrieve_ptr_limit(ptr_reg, &alu_limit, opcode, off_is_neg); |
133 | + err = retrieve_ptr_limit(ptr_reg, off_reg, &alu_limit, opcode); |
134 | if (err < 0) |
135 | return err; |
136 | |
137 | + if (commit_window) { |
138 | + /* In commit phase we narrow the masking window based on |
139 | + * the observed pointer move after the simulated operation. |
140 | + */ |
141 | + alu_state = tmp_aux->alu_state; |
142 | + alu_limit = abs(tmp_aux->alu_limit - alu_limit); |
143 | + } else { |
144 | + alu_state = off_is_neg ? BPF_ALU_NEG_VALUE : 0; |
145 | + alu_state |= ptr_is_dst_reg ? |
146 | + BPF_ALU_SANITIZE_SRC : BPF_ALU_SANITIZE_DST; |
147 | + } |
148 | + |
149 | err = update_alu_sanitation_state(aux, alu_state, alu_limit); |
150 | if (err < 0) |
151 | return err; |
152 | do_sim: |
153 | + /* If we're in commit phase, we're done here given we already |
154 | + * pushed the truncated dst_reg into the speculative verification |
155 | + * stack. |
156 | + */ |
157 | + if (commit_window) |
158 | + return 0; |
159 | + |
160 | /* Simulate and find potential out-of-bounds access under |
161 | * speculative execution from truncation as a result of |
162 | * masking when off was not within expected range. If off |
163 | @@ -4386,7 +4420,81 @@ do_sim: |
164 | ret = push_stack(env, env->insn_idx + 1, env->insn_idx, true); |
165 | if (!ptr_is_dst_reg && ret) |
166 | *dst_reg = tmp; |
167 | - return !ret ? -EFAULT : 0; |
168 | + return !ret ? REASON_STACK : 0; |
169 | +} |
170 | + |
171 | +static int sanitize_err(struct bpf_verifier_env *env, |
172 | + const struct bpf_insn *insn, int reason, |
173 | + const struct bpf_reg_state *off_reg, |
174 | + const struct bpf_reg_state *dst_reg) |
175 | +{ |
176 | + static const char *err = "pointer arithmetic with it prohibited for !root"; |
177 | + const char *op = BPF_OP(insn->code) == BPF_ADD ? "add" : "sub"; |
178 | + u32 dst = insn->dst_reg, src = insn->src_reg; |
179 | + |
180 | + switch (reason) { |
181 | + case REASON_BOUNDS: |
182 | + verbose(env, "R%d has unknown scalar with mixed signed bounds, %s\n", |
183 | + off_reg == dst_reg ? dst : src, err); |
184 | + break; |
185 | + case REASON_TYPE: |
186 | + verbose(env, "R%d has pointer with unsupported alu operation, %s\n", |
187 | + off_reg == dst_reg ? src : dst, err); |
188 | + break; |
189 | + case REASON_PATHS: |
190 | + verbose(env, "R%d tried to %s from different maps, paths or scalars, %s\n", |
191 | + dst, op, err); |
192 | + break; |
193 | + case REASON_LIMIT: |
194 | + verbose(env, "R%d tried to %s beyond pointer bounds, %s\n", |
195 | + dst, op, err); |
196 | + break; |
197 | + case REASON_STACK: |
198 | + verbose(env, "R%d could not be pushed for speculative verification, %s\n", |
199 | + dst, err); |
200 | + break; |
201 | + default: |
202 | + verbose(env, "verifier internal error: unknown reason (%d)\n", |
203 | + reason); |
204 | + break; |
205 | + } |
206 | + |
207 | + return -EACCES; |
208 | +} |
209 | + |
210 | +static int sanitize_check_bounds(struct bpf_verifier_env *env, |
211 | + const struct bpf_insn *insn, |
212 | + const struct bpf_reg_state *dst_reg) |
213 | +{ |
214 | + u32 dst = insn->dst_reg; |
215 | + |
216 | + /* For unprivileged we require that resulting offset must be in bounds |
217 | + * in order to be able to sanitize access later on. |
218 | + */ |
219 | + if (env->allow_ptr_leaks) |
220 | + return 0; |
221 | + |
222 | + switch (dst_reg->type) { |
223 | + case PTR_TO_STACK: |
224 | + if (check_stack_access(env, dst_reg, dst_reg->off + |
225 | + dst_reg->var_off.value, 1)) { |
226 | + verbose(env, "R%d stack pointer arithmetic goes out of range, " |
227 | + "prohibited for !root\n", dst); |
228 | + return -EACCES; |
229 | + } |
230 | + break; |
231 | + case PTR_TO_MAP_VALUE: |
232 | + if (check_map_access(env, dst, dst_reg->off, 1, false)) { |
233 | + verbose(env, "R%d pointer arithmetic of map value goes out of range, " |
234 | + "prohibited for !root\n", dst); |
235 | + return -EACCES; |
236 | + } |
237 | + break; |
238 | + default: |
239 | + break; |
240 | + } |
241 | + |
242 | + return 0; |
243 | } |
244 | |
245 | /* Handles arithmetic on a pointer and a scalar: computes new min/max and var_off. |
246 | @@ -4407,8 +4515,9 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, |
247 | smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value; |
248 | u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value, |
249 | umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value; |
250 | - u32 dst = insn->dst_reg, src = insn->src_reg; |
251 | + struct bpf_insn_aux_data tmp_aux = {}; |
252 | u8 opcode = BPF_OP(insn->code); |
253 | + u32 dst = insn->dst_reg; |
254 | int ret; |
255 | |
256 | dst_reg = ®s[dst]; |
257 | @@ -4451,13 +4560,6 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, |
258 | verbose(env, "R%d pointer arithmetic on %s prohibited\n", |
259 | dst, reg_type_str[ptr_reg->type]); |
260 | return -EACCES; |
261 | - case PTR_TO_MAP_VALUE: |
262 | - if (!env->allow_ptr_leaks && !known && (smin_val < 0) != (smax_val < 0)) { |
263 | - verbose(env, "R%d has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root\n", |
264 | - off_reg == dst_reg ? dst : src); |
265 | - return -EACCES; |
266 | - } |
267 | - /* fall-through */ |
268 | default: |
269 | break; |
270 | } |
271 | @@ -4472,13 +4574,15 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, |
272 | !check_reg_sane_offset(env, ptr_reg, ptr_reg->type)) |
273 | return -EINVAL; |
274 | |
275 | + if (sanitize_needed(opcode)) { |
276 | + ret = sanitize_ptr_alu(env, insn, ptr_reg, off_reg, dst_reg, |
277 | + &tmp_aux, false); |
278 | + if (ret < 0) |
279 | + return sanitize_err(env, insn, ret, off_reg, dst_reg); |
280 | + } |
281 | + |
282 | switch (opcode) { |
283 | case BPF_ADD: |
284 | - ret = sanitize_ptr_alu(env, insn, ptr_reg, dst_reg, smin_val < 0); |
285 | - if (ret < 0) { |
286 | - verbose(env, "R%d tried to add from different maps, paths, or prohibited types\n", dst); |
287 | - return ret; |
288 | - } |
289 | /* We can take a fixed offset as long as it doesn't overflow |
290 | * the s32 'off' field |
291 | */ |
292 | @@ -4529,11 +4633,6 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, |
293 | } |
294 | break; |
295 | case BPF_SUB: |
296 | - ret = sanitize_ptr_alu(env, insn, ptr_reg, dst_reg, smin_val < 0); |
297 | - if (ret < 0) { |
298 | - verbose(env, "R%d tried to sub from different maps, paths, or prohibited types\n", dst); |
299 | - return ret; |
300 | - } |
301 | if (dst_reg == off_reg) { |
302 | /* scalar -= pointer. Creates an unknown scalar */ |
303 | verbose(env, "R%d tried to subtract pointer from scalar\n", |
304 | @@ -4614,22 +4713,13 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, |
305 | __reg_deduce_bounds(dst_reg); |
306 | __reg_bound_offset(dst_reg); |
307 | |
308 | - /* For unprivileged we require that resulting offset must be in bounds |
309 | - * in order to be able to sanitize access later on. |
310 | - */ |
311 | - if (!env->allow_ptr_leaks) { |
312 | - if (dst_reg->type == PTR_TO_MAP_VALUE && |
313 | - check_map_access(env, dst, dst_reg->off, 1, false)) { |
314 | - verbose(env, "R%d pointer arithmetic of map value goes out of range, " |
315 | - "prohibited for !root\n", dst); |
316 | - return -EACCES; |
317 | - } else if (dst_reg->type == PTR_TO_STACK && |
318 | - check_stack_access(env, dst_reg, dst_reg->off + |
319 | - dst_reg->var_off.value, 1)) { |
320 | - verbose(env, "R%d stack pointer arithmetic goes out of range, " |
321 | - "prohibited for !root\n", dst); |
322 | - return -EACCES; |
323 | - } |
324 | + if (sanitize_check_bounds(env, insn, dst_reg) < 0) |
325 | + return -EACCES; |
326 | + if (sanitize_needed(opcode)) { |
327 | + ret = sanitize_ptr_alu(env, insn, dst_reg, off_reg, dst_reg, |
328 | + &tmp_aux, true); |
329 | + if (ret < 0) |
330 | + return sanitize_err(env, insn, ret, off_reg, dst_reg); |
331 | } |
332 | |
333 | return 0; |
334 | @@ -4650,7 +4740,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, |
335 | s64 smin_val, smax_val; |
336 | u64 umin_val, umax_val; |
337 | u64 insn_bitness = (BPF_CLASS(insn->code) == BPF_ALU64) ? 64 : 32; |
338 | - u32 dst = insn->dst_reg; |
339 | int ret; |
340 | |
341 | if (insn_bitness == 32) { |
342 | @@ -4684,13 +4773,14 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, |
343 | return 0; |
344 | } |
345 | |
346 | + if (sanitize_needed(opcode)) { |
347 | + ret = sanitize_val_alu(env, insn); |
348 | + if (ret < 0) |
349 | + return sanitize_err(env, insn, ret, NULL, NULL); |
350 | + } |
351 | + |
352 | switch (opcode) { |
353 | case BPF_ADD: |
354 | - ret = sanitize_val_alu(env, insn); |
355 | - if (ret < 0) { |
356 | - verbose(env, "R%d tried to add from different pointers or scalars\n", dst); |
357 | - return ret; |
358 | - } |
359 | if (signed_add_overflows(dst_reg->smin_value, smin_val) || |
360 | signed_add_overflows(dst_reg->smax_value, smax_val)) { |
361 | dst_reg->smin_value = S64_MIN; |
362 | @@ -4710,11 +4800,6 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env, |
363 | dst_reg->var_off = tnum_add(dst_reg->var_off, src_reg.var_off); |
364 | break; |
365 | case BPF_SUB: |
366 | - ret = sanitize_val_alu(env, insn); |
367 | - if (ret < 0) { |
368 | - verbose(env, "R%d tried to sub from different pointers or scalars\n", dst); |
369 | - return ret; |
370 | - } |
371 | if (signed_sub_overflows(dst_reg->smin_value, smax_val) || |
372 | signed_sub_overflows(dst_reg->smax_value, smin_val)) { |
373 | /* Overflow possible, we know nothing */ |
374 | diff --git a/tools/testing/selftests/bpf/verifier/bounds_deduction.c b/tools/testing/selftests/bpf/verifier/bounds_deduction.c |
375 | index c162498a64fc6..91869aea6d641 100644 |
376 | --- a/tools/testing/selftests/bpf/verifier/bounds_deduction.c |
377 | +++ b/tools/testing/selftests/bpf/verifier/bounds_deduction.c |
378 | @@ -6,7 +6,7 @@ |
379 | BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), |
380 | BPF_EXIT_INSN(), |
381 | }, |
382 | - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", |
383 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
384 | .errstr = "R0 tried to subtract pointer from scalar", |
385 | .result = REJECT, |
386 | }, |
387 | @@ -21,7 +21,7 @@ |
388 | BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), |
389 | BPF_EXIT_INSN(), |
390 | }, |
391 | - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", |
392 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
393 | .result_unpriv = REJECT, |
394 | .result = ACCEPT, |
395 | .retval = 1, |
396 | @@ -34,22 +34,23 @@ |
397 | BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), |
398 | BPF_EXIT_INSN(), |
399 | }, |
400 | - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", |
401 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
402 | .errstr = "R0 tried to subtract pointer from scalar", |
403 | .result = REJECT, |
404 | }, |
405 | { |
406 | "check deducing bounds from const, 4", |
407 | .insns = { |
408 | + BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), |
409 | BPF_MOV64_IMM(BPF_REG_0, 0), |
410 | BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1), |
411 | BPF_EXIT_INSN(), |
412 | BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), |
413 | BPF_EXIT_INSN(), |
414 | - BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), |
415 | + BPF_ALU64_REG(BPF_SUB, BPF_REG_6, BPF_REG_0), |
416 | BPF_EXIT_INSN(), |
417 | }, |
418 | - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", |
419 | + .errstr_unpriv = "R6 has pointer with unsupported alu operation", |
420 | .result_unpriv = REJECT, |
421 | .result = ACCEPT, |
422 | }, |
423 | @@ -61,7 +62,7 @@ |
424 | BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), |
425 | BPF_EXIT_INSN(), |
426 | }, |
427 | - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", |
428 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
429 | .errstr = "R0 tried to subtract pointer from scalar", |
430 | .result = REJECT, |
431 | }, |
432 | @@ -74,7 +75,7 @@ |
433 | BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), |
434 | BPF_EXIT_INSN(), |
435 | }, |
436 | - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", |
437 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
438 | .errstr = "R0 tried to subtract pointer from scalar", |
439 | .result = REJECT, |
440 | }, |
441 | @@ -88,7 +89,7 @@ |
442 | offsetof(struct __sk_buff, mark)), |
443 | BPF_EXIT_INSN(), |
444 | }, |
445 | - .errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types", |
446 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
447 | .errstr = "dereference of modified ctx ptr", |
448 | .result = REJECT, |
449 | .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, |
450 | @@ -103,7 +104,7 @@ |
451 | offsetof(struct __sk_buff, mark)), |
452 | BPF_EXIT_INSN(), |
453 | }, |
454 | - .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", |
455 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
456 | .errstr = "dereference of modified ctx ptr", |
457 | .result = REJECT, |
458 | .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, |
459 | @@ -116,7 +117,7 @@ |
460 | BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), |
461 | BPF_EXIT_INSN(), |
462 | }, |
463 | - .errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types", |
464 | + .errstr_unpriv = "R1 has pointer with unsupported alu operation", |
465 | .errstr = "R0 tried to subtract pointer from scalar", |
466 | .result = REJECT, |
467 | }, |
468 | diff --git a/tools/testing/selftests/bpf/verifier/bounds_mix_sign_unsign.c b/tools/testing/selftests/bpf/verifier/bounds_mix_sign_unsign.c |
469 | index 9baca7a75c42a..c2aa6f26738b4 100644 |
470 | --- a/tools/testing/selftests/bpf/verifier/bounds_mix_sign_unsign.c |
471 | +++ b/tools/testing/selftests/bpf/verifier/bounds_mix_sign_unsign.c |
472 | @@ -19,7 +19,6 @@ |
473 | }, |
474 | .fixup_map_hash_8b = { 3 }, |
475 | .errstr = "unbounded min value", |
476 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
477 | .result = REJECT, |
478 | }, |
479 | { |
480 | @@ -43,7 +42,6 @@ |
481 | }, |
482 | .fixup_map_hash_8b = { 3 }, |
483 | .errstr = "unbounded min value", |
484 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
485 | .result = REJECT, |
486 | }, |
487 | { |
488 | @@ -69,7 +67,6 @@ |
489 | }, |
490 | .fixup_map_hash_8b = { 3 }, |
491 | .errstr = "unbounded min value", |
492 | - .errstr_unpriv = "R8 has unknown scalar with mixed signed bounds", |
493 | .result = REJECT, |
494 | }, |
495 | { |
496 | @@ -94,7 +91,6 @@ |
497 | }, |
498 | .fixup_map_hash_8b = { 3 }, |
499 | .errstr = "unbounded min value", |
500 | - .errstr_unpriv = "R8 has unknown scalar with mixed signed bounds", |
501 | .result = REJECT, |
502 | }, |
503 | { |
504 | @@ -141,7 +137,6 @@ |
505 | }, |
506 | .fixup_map_hash_8b = { 3 }, |
507 | .errstr = "unbounded min value", |
508 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
509 | .result = REJECT, |
510 | }, |
511 | { |
512 | @@ -210,7 +205,6 @@ |
513 | }, |
514 | .fixup_map_hash_8b = { 3 }, |
515 | .errstr = "unbounded min value", |
516 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
517 | .result = REJECT, |
518 | }, |
519 | { |
520 | @@ -260,7 +254,6 @@ |
521 | }, |
522 | .fixup_map_hash_8b = { 3 }, |
523 | .errstr = "unbounded min value", |
524 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
525 | .result = REJECT, |
526 | }, |
527 | { |
528 | @@ -287,7 +280,6 @@ |
529 | }, |
530 | .fixup_map_hash_8b = { 3 }, |
531 | .errstr = "unbounded min value", |
532 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
533 | .result = REJECT, |
534 | }, |
535 | { |
536 | @@ -313,7 +305,6 @@ |
537 | }, |
538 | .fixup_map_hash_8b = { 3 }, |
539 | .errstr = "unbounded min value", |
540 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
541 | .result = REJECT, |
542 | }, |
543 | { |
544 | @@ -342,7 +333,6 @@ |
545 | }, |
546 | .fixup_map_hash_8b = { 3 }, |
547 | .errstr = "unbounded min value", |
548 | - .errstr_unpriv = "R7 has unknown scalar with mixed signed bounds", |
549 | .result = REJECT, |
550 | }, |
551 | { |
552 | @@ -372,7 +362,6 @@ |
553 | }, |
554 | .fixup_map_hash_8b = { 4 }, |
555 | .errstr = "unbounded min value", |
556 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
557 | .result = REJECT, |
558 | }, |
559 | { |
560 | @@ -400,7 +389,5 @@ |
561 | }, |
562 | .fixup_map_hash_8b = { 3 }, |
563 | .errstr = "unbounded min value", |
564 | - .errstr_unpriv = "R1 has unknown scalar with mixed signed bounds", |
565 | .result = REJECT, |
566 | - .result_unpriv = REJECT, |
567 | }, |
568 | diff --git a/tools/testing/selftests/bpf/verifier/unpriv.c b/tools/testing/selftests/bpf/verifier/unpriv.c |
569 | index 0d621c841db14..c3f6f650deb76 100644 |
570 | --- a/tools/testing/selftests/bpf/verifier/unpriv.c |
571 | +++ b/tools/testing/selftests/bpf/verifier/unpriv.c |
572 | @@ -503,7 +503,7 @@ |
573 | BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8), |
574 | BPF_EXIT_INSN(), |
575 | }, |
576 | - .errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types", |
577 | + .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", |
578 | .result_unpriv = REJECT, |
579 | .result = ACCEPT, |
580 | }, |
581 | diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
582 | index 00b59d5d7a7f0..28d44e6aa0b7e 100644 |
583 | --- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
584 | +++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
585 | @@ -21,8 +21,6 @@ |
586 | .fixup_map_hash_16b = { 5 }, |
587 | .fixup_map_array_48b = { 8 }, |
588 | .result = ACCEPT, |
589 | - .result_unpriv = REJECT, |
590 | - .errstr_unpriv = "R1 tried to add from different maps", |
591 | .retval = 1, |
592 | }, |
593 | { |
594 | @@ -122,7 +120,7 @@ |
595 | .fixup_map_array_48b = { 1 }, |
596 | .result = ACCEPT, |
597 | .result_unpriv = REJECT, |
598 | - .errstr_unpriv = "R2 tried to add from different pointers or scalars", |
599 | + .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
600 | .retval = 0, |
601 | }, |
602 | { |
603 | @@ -169,7 +167,7 @@ |
604 | .fixup_map_array_48b = { 1 }, |
605 | .result = ACCEPT, |
606 | .result_unpriv = REJECT, |
607 | - .errstr_unpriv = "R2 tried to add from different maps, paths, or prohibited types", |
608 | + .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
609 | .retval = 0, |
610 | }, |
611 | { |