github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
ecdd4fd8a5
linux/kernel/bpf
History
Eduard Zingerman ecdd4fd8a5 bpf: fix arg tracking for imprecise/multi-offset BPF_ST/STX 
BPF_STX through ARG_IMPRECISE dst should be recognized as a local
spill and join at_stack with the written value. For example,
consider the following situation:

   // r1 = ARG_IMPRECISE{mask=BIT(0)|BIT(1)}
   *(u64 *)(r1 + 0) = r8

Here the analysis should produce an equivalent of

  at_stack[*] = join(old, r8)

BPF_ST through multi-offset or imprecise dst should join at_stack with
none instead of overwriting the slots. For example, consider the
following situation:

   // r1 = ARG_IMPRECISE{mask=BIT(0)|BIT(1)}
   *(u64 *)(r1 + 0) = 0

Here the analysis should produce an equivalent of

  at_stack[*r1] = join(old, none).

Move the definition of the clear_overlapping_stack_slots() in order to
have __arg_track_join() visible. Remove the OFF_IMPRECISE constant to
avoid having two ways to express imprecise offset.
Only 'offset-imprecise {frame=N, cnt=0}' remains.

Fixes: bf0c571f7f ("bpf: introduce forward arg-tracking dataflow analysis")
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260413-stacklive-fixes-v2-1-398e126e5cf3@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-15 08:40:47 -07:00
..
preload umd: Remove usermode driver framework 2025-07-26 21:03:04 +02:00
arena.c bpf: Lose const-ness of map in map_check_btf() 2026-02-27 15:39:00 -08:00
arraymap.c bpf: Fix RCU stall in bpf_fd_array_map_clear() 2026-04-10 12:10:06 -07:00
backtrack.c bpf: Move backtracking logic to backtrack.c 2026-04-12 12:36:58 -07:00
bloom_filter.c bpf: Lose const-ness of map in map_check_btf() 2026-02-27 15:39:00 -08:00
bpf_cgrp_storage.c bpf: Remove gfp_flags plumbing from bpf_local_storage_update() 2026-04-10 21:22:32 -07:00
bpf_inode_storage.c bpf: Remove gfp_flags plumbing from bpf_local_storage_update() 2026-04-10 21:22:32 -07:00
bpf_insn_array.c bpf: Lose const-ness of map in map_check_btf() 2026-02-27 15:39:00 -08:00
bpf_iter.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
bpf_local_storage.c bpf: Remove gfp_flags plumbing from bpf_local_storage_update() 2026-04-10 21:22:32 -07:00
bpf_lru_list.c bpf: Replace get_next_cpu() with cpumask_next_wrap() 2025-08-18 15:11:02 +02:00
bpf_lru_list.h
bpf_lsm_proto.c bpf: annotate file argument as __nullable in bpf_lsm_mmap_file 2025-12-21 10:56:33 -08:00
bpf_lsm.c bpf: Drop task_to_inode and inet_conn_established from lsm sleepable hooks 2026-04-07 07:57:07 -07:00
bpf_struct_ops.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
bpf_task_storage.c bpf: Remove gfp_flags plumbing from bpf_local_storage_update() 2026-04-10 21:22:32 -07:00
btf_iter.c
btf_relocate.c
btf.c btf: Support kernel parsing of BTF with layout info 2026-03-26 13:53:56 -07:00
cfg.c bpf: Move check_cfg() into cfg.c 2026-04-12 12:36:45 -07:00
cgroup_iter.c bpf: add new BPF_CGROUP_ITER_CHILDREN control option 2026-01-27 09:05:54 -08:00
cgroup.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
check_btf.c bpf: Move BTF checking logic into check_btf.c 2026-04-12 12:37:04 -07:00
const_fold.c bpf: Add bpf_compute_const_regs() and bpf_prune_dead_branches() passes 2026-04-03 08:34:36 -07:00
core.c bpf: Make find_linfo widely available 2026-04-08 18:09:56 -07:00
cpumap.c bpf: Add missing XDP_ABORTED handling in cpumap 2026-03-03 08:37:21 -08:00
cpumask.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
crypto.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
devmap.c bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path 2026-03-24 15:17:20 -07:00
disasm.c bpf: disasm: add support for BPF_JMP|BPF_JA|BPF_X 2025-11-05 17:53:23 -08:00
disasm.h
dispatcher.c
dmabuf_iter.c bpf: Fix truncated dmabuf iterator reads 2025-12-09 23:48:34 -08:00
fixups.c bpf: Move fixup/post-processing logic from verifier.c into fixups.c 2026-04-12 12:35:54 -07:00
hashtab.c Merge patch series "bpf: Fix OOB in pcpu_init_value and add a test" 2026-04-12 13:36:55 -07:00
helpers.c bpf: Retire rcu_trace_implies_rcu_gp() 2026-04-07 12:24:49 -07:00
inode.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
Kconfig bpf: Update the bpf_prog_calc_tag to use SHA256 2025-09-18 19:10:20 -07:00
kmem_cache_iter.c
link_iter.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
liveness.c bpf: fix arg tracking for imprecise/multi-offset BPF_ST/STX 2026-04-15 08:40:47 -07:00
local_storage.c bpf: fix end-of-list detection in cgroup_storage_get_next_key() 2026-04-05 18:45:05 -07:00
log.c bpf: poison dead stack slots 2026-04-10 15:13:38 -07:00
lpm_trie.c bpf: Lose const-ness of map in map_check_btf() 2026-02-27 15:39:00 -08:00
Makefile bpf: Move BTF checking logic into check_btf.c 2026-04-12 12:37:04 -07:00
map_in_map.c
map_in_map.h
map_iter.c bpf: Remove redundant KF_TRUSTED_ARGS flag from all kfuncs 2026-01-02 12:04:28 -08:00
memalloc.c bpf: Retire rcu_trace_implies_rcu_gp() 2026-04-07 12:24:49 -07:00
mmap_unlock_work.h
mprog.c
net_namespace.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
offload.c bpf: Fix use-after-free in offloaded map/prog info fill 2026-04-09 13:24:32 -07:00
percpu_freelist.c
percpu_freelist.h
prog_iter.c bpf: Clean up individual BTF_ID code 2025-07-16 18:34:42 -07:00
queue_stack_maps.c
range_tree.c bpf: arena: Reintroduce memcg accounting 2026-01-02 14:31:59 -08:00
range_tree.h
relo_core.c
reuseport_array.c
ringbuf.c bpf: Add SPDX license identifiers to a few files 2026-01-16 14:50:00 -08:00
rqspinlock.c mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
rqspinlock.h
stackmap.c bpf-next-6.19 2025-12-03 16:54:54 -08:00
states.c bpf: Move state equivalence logic to states.c 2026-04-12 12:36:52 -07:00
stream.c bpf: Add bpf_stream_print_stack stack dumping kfunc 2026-02-03 10:41:16 -08:00
syscall.c bpf: Retire rcu_trace_implies_rcu_gp() 2026-04-07 12:24:49 -07:00
sysfs_btf.c Driver core changes for 6.17-rc1 2025-07-29 12:15:39 -07:00
task_iter.c bpf: return VMA snapshot from task_vma iterator 2026-04-10 12:05:16 -07:00
tcx.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
tnum.c bpf: Simplify tnum_step() 2026-03-24 08:45:29 -07:00
token.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
trampoline.c bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim 2026-03-03 15:13:51 -08:00
verifier.c bpf: Allow instructions with arena source and non-arena dest registers 2026-04-12 12:47:39 -07:00