patches/old/bpf-kmsan-initialize-bpf-registers-with-zeroes.patch - pub/scm/linux/kernel/git/akpm/25-new - Git at Google

 From: Alexander Potapenko <glider@google.com>
 Subject: bpf: kmsan: initialize BPF registers with zeroes
 Date: Thu, 15 Sep 2022 17:04:15 +0200

 When executing BPF programs, certain registers may get passed
 uninitialized to helper functions.  E.g.  when performing a JMP_CALL,
 registers BPF_R1-BPF_R5 are always passed to the helper, no matter how
 many of them are actually used.

 Passing uninitialized values as function parameters is technically
 undefined behavior, so we work around it by always initializing the
 registers.

 Link: https://lkml.kernel.org/r/20220915150417.722975-42-glider@google.com
 Signed-off-by: Alexander Potapenko <glider@google.com>
 Cc: Alexander Viro <viro@zeniv.linux.org.uk>
 Cc: Alexei Starovoitov <ast@kernel.org>
 Cc: Andrey Konovalov <andreyknvl@gmail.com>
 Cc: Andrey Konovalov <andreyknvl@google.com>
 Cc: Andy Lutomirski <luto@kernel.org>
 Cc: Arnd Bergmann <arnd@arndb.de>
 Cc: Borislav Petkov <bp@alien8.de>
 Cc: Christoph Hellwig <hch@lst.de>
 Cc: Christoph Lameter <cl@linux.com>
 Cc: David Rientjes <rientjes@google.com>
 Cc: Dmitry Vyukov <dvyukov@google.com>
 Cc: Eric Biggers <ebiggers@google.com>
 Cc: Eric Biggers <ebiggers@kernel.org>
 Cc: Eric Dumazet <edumazet@google.com>
 Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 Cc: Herbert Xu <herbert@gondor.apana.org.au>
 Cc: Ilya Leoshkevich <iii@linux.ibm.com>
 Cc: Ingo Molnar <mingo@redhat.com>
 Cc: Jens Axboe <axboe@kernel.dk>
 Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
 Cc: Kees Cook <keescook@chromium.org>
 Cc: Marco Elver <elver@google.com>
 Cc: Mark Rutland <mark.rutland@arm.com>
 Cc: Matthew Wilcox <willy@infradead.org>
 Cc: Michael S. Tsirkin <mst@redhat.com>
 Cc: Pekka Enberg <penberg@kernel.org>
 Cc: Peter Zijlstra <peterz@infradead.org>
 Cc: Petr Mladek <pmladek@suse.com>
 Cc: Stephen Rothwell <sfr@canb.auug.org.au>
 Cc: Steven Rostedt <rostedt@goodmis.org>
 Cc: Thomas Gleixner <tglx@linutronix.de>
 Cc: Vasily Gorbik <gor@linux.ibm.com>
 Cc: Vegard Nossum <vegard.nossum@oracle.com>
 Cc: Vlastimil Babka <vbabka@suse.cz>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 ---

  kernel/bpf/core.c |    2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 --- a/kernel/bpf/core.c~bpf-kmsan-initialize-bpf-registers-with-zeroes
 +++ a/kernel/bpf/core.c
 @@ -2002,7 +2002,7 @@ out:
  static unsigned int PROG_NAME(stack_size)(const void *ctx, const struct bpf_insn *insn) \
  { \
  	u64 stack[stack_size / sizeof(u64)]; \
 -	u64 regs[MAX_BPF_EXT_REG]; \
 +	u64 regs[MAX_BPF_EXT_REG] = {}; \
  \
  	FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \
  	ARG1 = (u64) (unsigned long) ctx; \
 _
	From: Alexander Potapenko <glider@google.com>
	Subject: bpf: kmsan: initialize BPF registers with zeroes
	Date: Thu, 15 Sep 2022 17:04:15 +0200

	When executing BPF programs, certain registers may get passed
	uninitialized to helper functions. E.g. when performing a JMP_CALL,
	registers BPF_R1-BPF_R5 are always passed to the helper, no matter how
	many of them are actually used.

	Passing uninitialized values as function parameters is technically
	undefined behavior, so we work around it by always initializing the
	registers.

	Link: https://lkml.kernel.org/r/20220915150417.722975-42-glider@google.com
	Signed-off-by: Alexander Potapenko <glider@google.com>
	Cc: Alexander Viro <viro@zeniv.linux.org.uk>
	Cc: Alexei Starovoitov <ast@kernel.org>
	Cc: Andrey Konovalov <andreyknvl@gmail.com>
	Cc: Andrey Konovalov <andreyknvl@google.com>
	Cc: Andy Lutomirski <luto@kernel.org>
	Cc: Arnd Bergmann <arnd@arndb.de>
	Cc: Borislav Petkov <bp@alien8.de>
	Cc: Christoph Hellwig <hch@lst.de>
	Cc: Christoph Lameter <cl@linux.com>
	Cc: David Rientjes <rientjes@google.com>
	Cc: Dmitry Vyukov <dvyukov@google.com>
	Cc: Eric Biggers <ebiggers@google.com>
	Cc: Eric Biggers <ebiggers@kernel.org>
	Cc: Eric Dumazet <edumazet@google.com>
	Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Cc: Herbert Xu <herbert@gondor.apana.org.au>
	Cc: Ilya Leoshkevich <iii@linux.ibm.com>
	Cc: Ingo Molnar <mingo@redhat.com>
	Cc: Jens Axboe <axboe@kernel.dk>
	Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
	Cc: Kees Cook <keescook@chromium.org>
	Cc: Marco Elver <elver@google.com>
	Cc: Mark Rutland <mark.rutland@arm.com>
	Cc: Matthew Wilcox <willy@infradead.org>
	Cc: Michael S. Tsirkin <mst@redhat.com>
	Cc: Pekka Enberg <penberg@kernel.org>
	Cc: Peter Zijlstra <peterz@infradead.org>
	Cc: Petr Mladek <pmladek@suse.com>
	Cc: Stephen Rothwell <sfr@canb.auug.org.au>
	Cc: Steven Rostedt <rostedt@goodmis.org>
	Cc: Thomas Gleixner <tglx@linutronix.de>
	Cc: Vasily Gorbik <gor@linux.ibm.com>
	Cc: Vegard Nossum <vegard.nossum@oracle.com>
	Cc: Vlastimil Babka <vbabka@suse.cz>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	---

	kernel/bpf/core.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	--- a/kernel/bpf/core.c~bpf-kmsan-initialize-bpf-registers-with-zeroes
	+++ a/kernel/bpf/core.c
	@@ -2002,7 +2002,7 @@ out:
	static unsigned int PROG_NAME(stack_size)(const void ctx, const struct bpf_insn insn) \
	{ \
	u64 stack[stack_size / sizeof(u64)]; \
	- u64 regs[MAX_BPF_EXT_REG]; \
	+ u64 regs[MAX_BPF_EXT_REG] = {}; \
	\
	FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; \
	ARG1 = (u64) (unsigned long) ctx; \
	_