From 3e604a6f49fde97ef003cfffe7f62a382bb669bb Mon Sep 17 00:00:00 2001
From: Luis Gerhorst <gerhorst@cs.fau.de>
Date: Thu, 21 Dec 2023 16:34:56 +0100
Subject: [PATCH] [DRAFT] bpf: Raise stack/other sanitization errors up

push_stack() may fail:
- to limit complexity (when called for speculative path)
  -> do_check() will insert nospec
- because of resource limits
  -> we are too close already, do not try to cover these errors up
---
 kernel/bpf/verifier.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8edf87e92a0e..14f783a190c7 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -11546,7 +11546,6 @@ enum {
 	REASON_TYPE	= -2,
 	REASON_PATHS	= -3,
 	REASON_LIMIT	= -4,
-	REASON_STACK	= -5,
 };
 
 static int retrieve_ptr_limit(const struct bpf_reg_state *ptr_reg,
@@ -11742,7 +11741,7 @@ static int sanitize_ptr_alu(struct bpf_verifier_env *env,
 					env->insn_idx);
 	if (!ptr_is_dst_reg && !err)
 		*dst_reg = tmp;
-	return (err == -ENOMEM || err == -EFAULT) ? REASON_STACK : err;
+	return err;
 }
 
 static void sanitize_mark_insn_seen(struct bpf_verifier_env *env)
@@ -11792,17 +11791,12 @@ static int sanitize_err(struct bpf_verifier_env *env,
 		aux->nospec_v1_result = true;
 		aux->alu_state = 0;
 		return 0;
-	case REASON_STACK:
-		verbose(env, "R%d could not be pushed for speculative verification, %s\n",
-			dst, err);
-		break;
 	default:
-		verbose(env, "verifier internal error: unknown reason (%d)\n",
-			reason);
 		break;
 	}
 
-	return -EACCES;
+	WARN_ON_ONCE(reason >= 0);
+	return reason;
 }
 
 /* check that stack access falls within stack limits and that 'reg' doesn't
-- 
GitLab