| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 May 2018 18:47:39 -0600
From: David Ahern <dsahern@...il.com>
To: Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
borkmann@...earbox.net, ast@...nel.org
Cc: davem@...emloft.net, shm@...ulusnetworks.com,
roopa@...ulusnetworks.com, brouer@...hat.com, toke@...e.dk,
john.fastabend@...il.com
Subject: Re: [bpf-next v1 8/9] bpf: Provide helper to do lookups in kernel FIB
table
On 5/3/18 6:45 PM, Daniel Borkmann wrote:
>> + .ret_type = RET_INTEGER,
>> + .arg1_type = ARG_PTR_TO_CTX,
>> + .arg2_type = ARG_PTR_TO_MEM,
>> + .arg3_type = ARG_CONST_SIZE,
>> + .arg4_type = ARG_ANYTHING,
>> +};
>> +
>> +BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, skb,
>> + struct bpf_fib_lookup *, params, int, plen, u32, flags)
>> +{
>> + if (plen < sizeof(*params))
>> + return -EINVAL;
>> +
>> + switch (params->family) {
>> +#if IS_ENABLED(CONFIG_INET)
>> + case AF_INET:
>> + return bpf_ipv4_fib_lookup(dev_net(skb->dev), params, flags);
>> +#endif
>> +#if IS_ENABLED(CONFIG_IPV6)
>> + case AF_INET6:
>> + return bpf_ipv6_fib_lookup(dev_net(skb->dev), params, flags);
>> +#endif
>> + }
>> + return -ENOTSUPP;
>> +}
>> +
>> +static const struct bpf_func_proto bpf_skb_fib_lookup_proto = {
>> + .func = bpf_skb_fib_lookup,
>> + .gpl_only = true,
>> + .pkt_access = true,
>
> ... this should both not be marked as pkt_access = true. What this means is that
> arg2, which is the struct bpf_fib_lookup, could come from the raw packet buffer.
leftover from the first version which did pass in the packet. Will remove.
Powered by blists - more mailing lists