author | Martin KaFai Lau <martin.lau@kernel.org> | 2024-03-27 11:28:27 -0700 |
---|---|---|
committer | Martin KaFai Lau <martin.lau@kernel.org> | 2024-03-27 11:28:27 -0700 |
commit | d8889e866be3ae58313beae3567f00f0b1dc3363 (patch) | |
tree | 329ddbec9f64c27b220e7aa086ef11e4a83dd4a7 | |
parent | 45a683b2d815c4d775b77e8c8f0ac9e9b65f3f12 (diff) | |
download | bpf-next-interpreter.kmsan.tar.gz |
bpf: Mark bpf prog stack with kmsan_unpoison_memory in interpreter mode

syzbot reported uninit memory usages during map_{lookup,delete}_elem.
It is due to the "void *key" passed to the helper. bpf allows uninit
stack memory access for bpf prog with the right privileges. This patch
uses kmsan_unpoison_memory() to mark the stack as initialized.
Reported-by: syzbot+603bcd9b0bf1d94dbb9b@syzkaller.appspotmail.com
Reported-by: syzbot+eb02dc7f03dce0ef39f3@syzkaller.appspotmail.com
Reported-by: syzbot+1a3cf6f08d68868f9db3@syzkaller.appspotmail.com
Reported-by: syzbot+b4e65ca24fd4d0c734c3@syzkaller.appspotmail.com
Reported-by: syzbot+d2b113dc9fea5e1d2848@syzkaller.appspotmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
-rw-r--r-- | kernel/bpf/core.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 5aacb1d3c4cc7..ab400cdd7d7ae 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2218,6 +2218,7 @@ static unsigned int PROG_NAME(stack_size)(const void *ctx, const struct bpf_insn u64 stack[stack_size / sizeof(u64)]; \ u64 regs[MAX_BPF_EXT_REG] = {}; \ \ + kmsan_unpoison_memory(stack, sizeof(stack)); \ FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \ ARG1 = (u64) (unsigned long) ctx; \ return ___bpf_prog_run(regs, insn); \ @@ -2231,6 +2232,7 @@ static u64 PROG_NAME_ARGS(stack_size)(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5, \ u64 stack[stack_size / sizeof(u64)]; \ u64 regs[MAX_BPF_EXT_REG]; \ \ + kmsan_unpoison_memory(stack, sizeof(stack)); \ FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \ BPF_R1 = r1; \ BPF_R2 = r2; \ |
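Review bot: The `kmsan_unpoison_memory(stack, sizeof(stack));` line added in the PROG_NAME(stack_size) hunk has no comment explaining why the whole stack is marked initialized, so the reason lives only in the commit message. Please add a short comment above the call saying that bpf permits uninitialized stack reads for programs with the right privileges and that such memory can reach helpers as the "void *key" argument. The call is also unconditional, while the commit message ties the allowance to privileged programs; the comment or the message should say why unpoisoning for every interpreted program is acceptable.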
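Review bot: In the PROG_NAME_ARGS(stack_size) hunk, the context line `u64 regs[MAX_BPF_EXT_REG];` has no initializer, unlike `u64 regs[MAX_BPF_EXT_REG] = {};` in the first hunk, and the added call unpoisons only `stack`. The visible lines assign BPF_R1, BPF_R2 and onward from the arguments, but the rest of `regs` stays poisoned under KMSAN. Please confirm that no report can come from those entries, or give `regs` the same treatment here (zero-initialize or unpoison), and note the choice in the commit message so the asymmetry between the two macros is explained.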