From: Daniel Borkmann daniel@iogearbox.net
mainline inclusion from mainline-v6.12-rc1 commit b073b82d4d3cee703d17e099c7e739082f15bd2e category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQOP CVE: CVE-2024-49861
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Given we got rid of ARG_PTR_TO_LONG, change the test case description to avoid potential confusion:
# ./vmtest.sh -- ./test_progs -t verifier_int_ptr [...] ./test_progs -t verifier_int_ptr [ 1.610563] bpf_testmod: loading out-of-tree module taints kernel. [ 1.611049] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel #489/1 verifier_int_ptr/arg pointer to long uninitialized:OK #489/2 verifier_int_ptr/arg pointer to long half-uninitialized:OK #489/3 verifier_int_ptr/arg pointer to long misaligned:OK #489/4 verifier_int_ptr/arg pointer to long size < sizeof(long):OK #489/5 verifier_int_ptr/arg pointer to long initialized:OK #489 verifier_int_ptr:OK Summary: 1/5 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Daniel Borkmann daniel@iogearbox.net Link: https://lore.kernel.org/r/20240913191754.13290-7-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov ast@kernel.org Conflicts: tools/testing/selftests/bpf/verifier/int_ptr.c tools/testing/selftests/bpf/progs/verifier_int_ptr.c [The conflicts were due to test files changed] Signed-off-by: Xiaomeng Zhang zhangxiaomeng13@huawei.com --- tools/testing/selftests/bpf/verifier/int_ptr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/bpf/verifier/int_ptr.c b/tools/testing/selftests/bpf/verifier/int_ptr.c index fd7bf5d4a35b..cd881ec2688f 100644 --- a/tools/testing/selftests/bpf/verifier/int_ptr.c +++ b/tools/testing/selftests/bpf/verifier/int_ptr.c @@ -1,5 +1,5 @@ { - "ARG_PTR_TO_LONG uninitialized", + "arg pointer to long uninitialized", .insns = { /* bpf_strtoul arg1 (buf) */ BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), @@ -29,7 +29,7 @@ .retval = POINTER_VALUE, }, { - "ARG_PTR_TO_LONG half-uninitialized", + "arg pointer to long half-uninitialized", .insns = { /* bpf_strtoul arg1 (buf) */ BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), @@ -59,7 +59,7 @@ .result = ACCEPT, }, { - "ARG_PTR_TO_LONG misaligned", + "arg pointer to long misaligned", .insns = { /* bpf_strtoul arg1 (buf) */ BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), @@ -93,7 +93,7 @@ .errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8", }, { - "ARG_PTR_TO_LONG size < sizeof(long)", + "arg pointer to long size < sizeof(long)", .insns = { /* bpf_strtoul arg1 (buf) */ BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), @@ -125,7 +125,7 @@ .errstr = "invalid indirect access to stack R4 off=-4 size=8", }, { - "ARG_PTR_TO_LONG initialized", + "arg pointer to long initialized", .insns = { /* bpf_strtoul arg1 (buf) */ BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),