| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Feb 2017 22:19:22 -0800
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: William Tu <u9012063@...il.com>
Cc: Daniel Borkmann <daniel@...earbox.net>,
Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH net-next] bpf: fix verifier issue at check_packet_ptr_add
On Thu, Feb 02, 2017 at 09:31:06PM -0800, William Tu wrote:
>
> Yes, this is auto-generated. We want to use P4 2016 as front end to
> generate ebpf for XDP.
P4 2016 front-end ? is it public? Is there a 2017 version? ;)
just curious.
> >
> > The line 272 is r4 += r2
> > where R4=imm4 and R2=pkt_end
>
> R2 is no longer pkt_end, it's R2 == R0 == 0
> 269: (bf) r2 = r0
> 270: (77) r2 >>= 3
> 271: (bf) r4 = r1
> 272: (0f) r4 += r2
>
> So at line 272, it's pkt_ptr = pkt_ptr + 0
> thus the following fix works for us.
> - if (imm <= 0) {
> + if (imm < 0) {
got it. I forgot that we have:
if (src_reg->type == CONST_IMM) {
/* pkt_ptr += reg where reg is known constant */
imm = src_reg->imm;
goto add_imm;
}
and got confused by if (BPF_SRC(insn->code) == BPF_K) bit.
Thanks for explaining!
Could you respin with the extra test for it in the test_verifier.c ?
Since it's a rare case, would be good to keep it working.
Powered by blists - more mailing lists