OpenCloudOS-Kernel/include
David S. Miller d117441674 bpf: Track alignment of register values in the verifier.
Currently if we add only constant values to pointers we can fully
validate the alignment, and properly check if we need to reject the
program on !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS architectures.

However, once an unknown value is introduced we only allow byte sized
memory accesses which is too restrictive.

Add logic to track the known minimum alignment of register values,
and propagate this state into registers containing pointers.

The most common paradigm that makes use of this new logic is computing
the transport header using the IP header length field.  For example:

	struct ethhdr *ep = skb->data;
	struct iphdr *iph = (struct iphdr *) (ep + 1);
	struct tcphdr *th;
 ...
	n = iph->ihl;
	th = ((void *)iph + (n * 4));
	port = th->dest;

The existing code will reject the load of th->dest because it cannot
validate that the alignment is at least 2 once "n * 4" is added the
the packet pointer.

In the new code, the register holding "n * 4" will have a reg->min_align
value of 4, because any value multiplied by 4 will be at least 4 byte
aligned.  (actually, the eBPF code emitted by the compiler in this case
is most likely to use a shift left by 2, but the end result is identical)

At the critical addition:

	th = ((void *)iph + (n * 4));

The register holding 'th' will start with reg->off value of 14.  The
pointer addition will transform that reg into something that looks like:

	reg->aux_off = 14
	reg->aux_off_align = 4

Next, the verifier will look at the th->dest load, and it will see
a load offset of 2, and first check:

	if (reg->aux_off_align % size)

which will pass because aux_off_align is 4.  reg_off will be computed:

	reg_off = reg->off;
 ...
		reg_off += reg->aux_off;

plus we have off==2, and it will thus check:

	if ((NET_IP_ALIGN + reg_off + off) % size != 0)

which evaluates to:

	if ((NET_IP_ALIGN + 14 + 2) % size != 0)

On strict alignment architectures, NET_IP_ALIGN is 2, thus:

	if ((2 + 14 + 2) % size != 0)

which passes.

These pointer transformations and checks work regardless of whether
the constant offset or the variable with known alignment is added
first to the pointer register.

Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
2017-05-11 14:19:00 -04:00
..
acpi IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
asm-generic IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
clocksource clocksource: arm_arch_timer: add structs to describe MMIO timer 2017-04-19 16:11:48 +01:00
crypto Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
drm mm, vmalloc: use __GFP_HIGHMEM implicitly 2017-05-08 17:15:13 -07:00
dt-bindings ARM: 64-bit DT updates 2017-05-09 10:07:33 -07:00
keys
kvm * ARM: HYP mode stub supports kexec/kdump on 32-bit; improved PMU 2017-05-08 12:37:56 -07:00
linux bpf: Track alignment of register values in the verifier. 2017-05-11 14:19:00 -04:00
math-emu
media [media] cec.h: merge cec-edid.h into cec.h 2017-04-19 06:53:18 -03:00
memory
misc
net Revert "ipv4: restore rt->fi for reference counting" 2017-05-08 22:35:32 -04:00
pcmcia
ras
rdma Updates #2 for 4.12 kernel merge window 2017-05-08 20:07:29 -07:00
rxrpc
scsi SCSI misc on 20170503 2017-05-04 12:19:44 -07:00
soc ARM: SoC driver updates 2017-05-09 10:01:15 -07:00
sound ASoC: Updates for v4.12 2017-05-02 08:25:25 +02:00
target
trace IOMMU Updates for Linux v4.12 2017-05-09 15:15:47 -07:00
uapi ARC updates for 4.12 2017-05-09 10:10:15 -07:00
video main drm pull request for 4.12 kernel 2017-05-03 11:44:24 -07:00
xen xen: Implement EFI reset_system callback 2017-05-02 12:06:50 +02:00
Kbuild