Comments (2)
The issue is that r1 gets pushed to the stack before the conditional jump. I think my recent upstream work should resolve this.
commit 57a09bf0a416700676e77102c28f9cfcb48267e0
Author: Thomas Graf <[email protected]>
Date: Tue Oct 18 19:51:19 2016 +0200

    bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers

    A BPF program is required to check the return register of a
    map_elem_lookup() call before accessing memory. The verifier keeps
    track of this by converting the type of the result register from
    PTR_TO_MAP_VALUE_OR_NULL to PTR_TO_MAP_VALUE after a conditional
    jump ensures safety. This check is currently exclusively performed
    for the result register 0.

    In the event the compiler reorders instructions, BPF_MOV64_REG
    instructions may be moved before the conditional jump which causes
    them to keep their type PTR_TO_MAP_VALUE_OR_NULL to which the
    verifier objects when the register is accessed:

      0: (b7) r1 = 10
      1: (7b) *(u64 *)(r10 -8) = r1
      2: (bf) r2 = r10
      3: (07) r2 += -8
      4: (18) r1 = 0x59c00000
      6: (85) call 1
      7: (bf) r4 = r0
      8: (15) if r0 == 0x0 goto pc+1
       R0=map_value(ks=8,vs=8) R4=map_value_or_null(ks=8,vs=8) R10=fp
      9: (7a) *(u64 *)(r4 +0) = 0
      R4 invalid mem access 'map_value_or_null'

    This commit extends the verifier to keep track of all identical
    PTR_TO_MAP_VALUE_OR_NULL registers after a map_elem_lookup() by
    assigning them an ID and then marking them all when the conditional
    jump is observed.

    Signed-off-by: Thomas Graf <[email protected]>
    Reviewed-by: Josef Bacik <[email protected]>
    Acked-by: Daniel Borkmann <[email protected]>
    Acked-by: Alexei Starovoitov <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>
from cilium.
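A simplified model of the register tracking described in the commit message above, as an added example that is neither kernel code nor part of the original comments. The struct, the function names and the `track_ids` switch are assumptions made for illustration, and the second scenario (an earlier lookup result kept in r6) is constructed to show why the match is on the ID rather than on the register type.

```c
#include <stdio.h>

enum reg_type { NOT_INIT, PTR_TO_MAP_VALUE_OR_NULL, PTR_TO_MAP_VALUE };
struct reg { enum reg_type type; int id; };  /* id 0: no lookup identity */
#define NREGS 11
static int next_id;

/* "call 1" (map lookup): r0 may be NULL and receives a fresh id. */
static void do_lookup(struct reg *r) {
    r[0] = (struct reg){ PTR_TO_MAP_VALUE_OR_NULL, ++next_id };
}

/* Fall-through of "if rN == 0 goto ...": rN is known non-NULL here.
 * track_ids=0: only the compared register; 1: every register sharing its id. */
static void mark_non_null(struct reg *r, int regno, int track_ids) {
    int id = r[regno].id;
    if (r[regno].type != PTR_TO_MAP_VALUE_OR_NULL) return;
    for (int i = 0; i < NREGS; i++) {
        int match = track_ids ? (r[i].id == id) : (i == regno);
        if (match && r[i].type == PTR_TO_MAP_VALUE_OR_NULL) {
            r[i].type = PTR_TO_MAP_VALUE;
            r[i].id = 0;
        }
    }
}

/* Insns 6-9 of the trace: is the store through r4 accepted? */
static int reordered_copy_ok(int track_ids) {
    struct reg r[NREGS] = {{ NOT_INIT, 0 }};
    do_lookup(r);                          /* 6: call 1 */
    r[4] = r[0];                           /* 7: r4 = r0 (type and id copied) */
    mark_non_null(r, 0, track_ids);        /* 8: if r0 == 0x0 goto pc+1 */
    return r[4].type == PTR_TO_MAP_VALUE;  /* 9: *(u64 *)(r4 +0) = 0 */
}

/* Constructed counter-case: r6 holds an earlier, never-checked lookup result. */
static int unrelated_lookup_ok(void) {
    struct reg r[NREGS] = {{ NOT_INIT, 0 }};
    do_lookup(r); r[6] = r[0];             /* first lookup saved in r6 */
    do_lookup(r);                          /* second lookup, new id in r0 */
    mark_non_null(r, 0, 1);                /* NULL check covers the new id only */
    return r[6].type == PTR_TO_MAP_VALUE;  /* a store via r6 must stay refused */
}

int main(void) {
    printf("r4 store: old=%d new=%d; unrelated r6 store: %d\n",
           reordered_copy_ok(0), reordered_copy_ok(1), unrelated_lookup_ok());
    return 0;
}
```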
Fixed in kernel commit 57a09bf0a416700676e77102c28f9cfcb48267e0