git.kernel.dk Git - linux-block.git/commit

author	Kumar Kartikeya Dwivedi <memxor@gmail.com>
	Sun, 24 Apr 2022 21:48:57 +0000 (03:18 +0530)
committer	Alexei Starovoitov <ast@kernel.org>
	Tue, 26 Apr 2022 03:26:44 +0000 (20:26 -0700)
commit	2ab3b3808eb17f729edfd69e061667ca0a427195
tree	1e7fd6aee6c31285b92415a5ccd4e269cbedcebd	tree \| snapshot
parent	a1ef195996526da45bbc9710849254023df75aea	commit \| diff

bpf: Make BTF type match stricter for release arguments

The current of behavior of btf_struct_ids_match for release arguments is
that when type match fails, it retries with first member type again
(recursively). Since the offset is already 0, this is akin to just
casting the pointer in normal C, since if type matches it was just
embedded inside parent sturct as an object. However, we want to reject
cases for release function type matching, be it kfunc or BPF helpers.

An example is the following:

struct foo {
struct bar b;
};

struct foo *v = acq_foo();
rel_bar(&v->b); // btf_struct_ids_match fails btf_types_are_same, then
// retries with first member type and succeeds, while
// it should fail.

Hence, don't walk the struct and only rely on btf_types_are_same for
strict mode. All users of strict mode must be dealing with zero offset
anyway, since otherwise they would want the struct to be walked.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220424214901.2743946-10-memxor@gmail.com

include/linux/bpf.h		diff \| blob \| blame \| history
kernel/bpf/btf.c		diff \| blob \| blame \| history
kernel/bpf/verifier.c		diff \| blob \| blame \| history