bpf: Allow multiple modifiers in reg_type_str() prefix

reg_type_str() in the verifier currently only allows a single register
type modifier to be present in the 'prefix' string which is eventually
stored in the env type_str_buf. This currently works fine because there
are no overlapping type modifiers, but once PTR_TRUSTED is added, that
will no longer be the case. This patch updates reg_type_str() to support
having multiple modifiers in the prefix string, and updates the size of
type_str_buf to be 128 bytes.

Signed-off-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/r/20221120051004.3605026-2-void@manifault.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 23f30c685f287dfbcd675d39c0ecced91fa70e76..608dde740fef1f352dd82ff4801073b8f0ad8fc7 100644 (file)
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -19,7 +19,7 @@
  */
 #define BPF_MAX_VAR_SIZ        (1 << 29)
 /* size of type_str_buf in bpf_verifier. */
-#define TYPE_STR_BUF_LEN 64
+#define TYPE_STR_BUF_LEN 128
 
 /* Liveness marks, used for registers and spilled-regs (in stack slots).
  * Read marks propagate upwards until they find a write mark; they record that

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 195d24316750d32eeb81186040495d17bde404a9..67a6f11d953c74d5c69c07c83ffe8c9e3806eed6 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -557,7 +557,7 @@ static bool is_cmpxchg_insn(const struct bpf_insn *insn)
 static const char *reg_type_str(struct bpf_verifier_env *env,
                                enum bpf_reg_type type)
 {
-       char postfix[16] = {0}, prefix[32] = {0};
+       char postfix[16] = {0}, prefix[64] = {0};
        static const char * const str[] = {
                [NOT_INIT]              = "?",
                [SCALAR_VALUE]          = "scalar",
@@ -589,16 +589,13 @@ static const char *reg_type_str(struct bpf_verifier_env *env,
                        strncpy(postfix, "_or_null", 16);
        }
 
-       if (type & MEM_RDONLY)
-               strncpy(prefix, "rdonly_", 32);
-       if (type & MEM_RINGBUF)
-               strncpy(prefix, "ringbuf_", 32);
-       if (type & MEM_USER)
-               strncpy(prefix, "user_", 32);
-       if (type & MEM_PERCPU)
-               strncpy(prefix, "percpu_", 32);
-       if (type & PTR_UNTRUSTED)
-               strncpy(prefix, "untrusted_", 32);
+       snprintf(prefix, sizeof(prefix), "%s%s%s%s%s",
+                type & MEM_RDONLY ? "rdonly_" : "",
+                type & MEM_RINGBUF ? "ringbuf_" : "",
+                type & MEM_USER ? "user_" : "",
+                type & MEM_PERCPU ? "percpu_" : "",
+                type & PTR_UNTRUSTED ? "untrusted_" : ""
+       );
 
        snprintf(env->type_str_buf, TYPE_STR_BUF_LEN, "%s%s%s",
                 prefix, str[base_type(type)], postfix);