Reject BPF program if uninitialized stack or registers are accessed during interpret path #445
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Alan-Jowett
force-pushed
the
ub_check
branch
2 times, most recently
from
d83a876 to
2491e7d
Compare
Alan-Jowett
force-pushed
the
ub_check
branch
5 times, most recently
from
c62564d to
9d46db6
Compare
Alan-Jowett
force-pushed
the
ub_check
branch
2 times, most recently
from
02eef61 to
f9703df
Compare
Reject programs if registers are used before intialized Make undefined behavior check optional Signed-off-by: Alan Jowett <[email protected]>
hawkinsw
reviewed
May 21, 2024
Co-authored-by: Will Hawkins <[email protected]> Signed-off-by: Alan Jowett <[email protected]>
Signed-off-by: Alan Jowett <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request includes changes to improve the
ubpflibrary. The most important changes include adding a new libfuzzer based fuzzer, modifying theLLVMFuzzerTestOneInputfunction to compare the results of the interpreter and JIT compiler, adding a bash script to split the fuzzer input into a program and memory, and adding bounds checking for memory accesses.Improvements to fuzzing:
libfuzzer/README.md: Added instructions for building and running a new libfuzzer based fuzzer.libfuzzer/libfuzz_harness.cc: Modified theLLVMFuzzerTestOneInputfunction to compare the results of the interpreter and JIT compiler, and to ensure the program length is a multiple ofsizeof(ebpf_inst). [1] [2]libfuzzer/split.sh: Added a bash script to split the fuzzer input into a program and memory, and to disassemble the program.Improvements to disassembler:
ubpf/disassembler.py: Modified thedisassemble_onefunction to append " local" to the opcode name if the source register is 1. [1] [2]Improvements to JIT compiler:
vm/ubpf_jit_x86_64.c: Added code to truncate the target register to 32 bits for ALU32 instructions.vm/ubpf_jit_x86_64.h: Added theemit_truncate_u32function to emit instructions to truncate a register to 32 bits.Improvements to VM:
vm/ubpf_vm.c: Added bounds checking for memory accesses, and added checks to ensure registers are initialized before they are read. Also fixed a bug in theEBPF_OP_JEQ32_REGinstruction. [1] [2] [3] [4] [5] [6] [7] [8] [9]Resolves: #480