| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Apr 2016 23:11:52 -0700
From: Brenden Blanco <bblanco@...mgrid.com>
To: Jesper Dangaard Brouer <brouer@...hat.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org, tom@...bertland.com,
alexei.starovoitov@...il.com, ogerlitz@...lanox.com,
daniel@...earbox.net, john.fastabend@...il.com
Subject: Re: [RFC PATCH 4/5] mlx4: add support for fast rx drop bpf program
On Sat, Apr 02, 2016 at 10:23:31AM +0200, Jesper Dangaard Brouer wrote:
[...]
>
> I think you need to DMA sync RX-page before you can safely access
> packet data in page (on all arch's).
>
Thanks, I will give that a try in the next spin.
> > + ethh = (struct ethhdr *)(page_address(frags[0].page) +
> > + frags[0].page_offset);
> > + if (mlx4_call_bpf(prog, ethh, length)) {
>
> AFAIK length here covers all the frags[n].page, thus potentially
> causing the BPF program to access memory out of bound (crash).
>
> Having several page fragments is AFAIK an optimization for jumbo-frames
> on PowerPC (which is a bit annoying for you use-case ;-)).
>
Yeah, this needs some more work. I can think of some options:
1. limit pseudo skb.len to first frag's length only, and signal to
program that the packet is incomplete
2. for nfrags>1 skip bpf processing, but this could be functionally
incorrect for some use cases
3. run the program for each frag
4. reject ndo_bpf_set when frags are possible (large mtu?)
My preference is to go with 1, thoughts?
>
[...]
Powered by blists - more mailing lists