diff options
| author | Alexei Starovoitov <[email protected]> | 2023-07-05 19:14:54 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <[email protected]> | 2023-07-05 19:15:01 -0700 |
| commit | 496720b7cfb6574a8f6f4d434f23e3d1e6cfaeb9 (patch) | |
| tree | 3404326742151691048ad7399fff6bc35dcaa728 | |
| parent | 6843306689aff3aea608e4d2630b2a5a0137f827 (diff) | |
| parent | 906bd22a44c7c381ae92996129b075ea7beba8f6 (diff) | |
Merge branch 'Fix for check_max_stack_depth'
Kumar Kartikeya Dwivedi says:
====================
Fix for a bug in check_max_stack_depth which allows bypassing the
512-byte stack limit.
====================
Signed-off-by: Alexei Starovoitov <[email protected]>
| -rw-r--r-- | kernel/bpf/verifier.c | 5 | ||||
| -rw-r--r-- | tools/testing/selftests/bpf/prog_tests/async_stack_depth.c | 9 | ||||
| -rw-r--r-- | tools/testing/selftests/bpf/progs/async_stack_depth.c | 40 |
3 files changed, 52 insertions, 2 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 11e54dd8b6dd..930b5555cfd3 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5642,8 +5642,9 @@ continue_func: verbose(env, "verifier bug. subprog has tail_call and async cb\n"); return -EFAULT; } - /* async callbacks don't increase bpf prog stack size */ - continue; + /* async callbacks don't increase bpf prog stack size unless called directly */ + if (!bpf_pseudo_call(insn + i)) + continue; } i = next_insn; diff --git a/tools/testing/selftests/bpf/prog_tests/async_stack_depth.c b/tools/testing/selftests/bpf/prog_tests/async_stack_depth.c new file mode 100644 index 000000000000..118abc29b236 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/async_stack_depth.c @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <test_progs.h> + +#include "async_stack_depth.skel.h" + +void test_async_stack_depth(void) +{ + RUN_TESTS(async_stack_depth); +} diff --git a/tools/testing/selftests/bpf/progs/async_stack_depth.c b/tools/testing/selftests/bpf/progs/async_stack_depth.c new file mode 100644 index 000000000000..477ba950bb43 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/async_stack_depth.c @@ -0,0 +1,40 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <vmlinux.h> +#include <bpf/bpf_helpers.h> + +#include "bpf_misc.h" + +struct hmap_elem { + struct bpf_timer timer; +}; + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __uint(max_entries, 64); + __type(key, int); + __type(value, struct hmap_elem); +} hmap SEC(".maps"); + +__attribute__((noinline)) +static int timer_cb(void *map, int *key, struct bpf_timer *timer) +{ + volatile char buf[256] = {}; + return buf[69]; +} + +SEC("tc") +__failure __msg("combined stack size of 2 calls") +int prog(struct __sk_buff *ctx) +{ + struct hmap_elem *elem; + volatile char buf[256] = {}; + + elem = bpf_map_lookup_elem(&hmap, &(int){0}); + if (!elem) + return 0; + + timer_cb(NULL, NULL, NULL); + return bpf_timer_set_callback(&elem->timer, timer_cb) + buf[0]; +} + +char _license[] SEC("license") = "GPL"; |