lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20160725.103519.196023078266457070.davem@davemloft.net>
Date:	Mon, 25 Jul 2016 10:35:19 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	daniel@...earbox.net
Cc:	alexei.starovoitov@...il.com, tgraf@...g.ch,
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net-next] bpf, events: fix offset in skb copy handler

From: Daniel Borkmann <daniel@...earbox.net>
Date: Fri, 22 Jul 2016 01:19:42 +0200

> This patch fixes the __output_custom() routine we currently use with
> bpf_skb_copy(). I missed that when len is larger than the size of the
> current handle, we can issue multiple invocations of copy_func, and
> __output_custom() advances destination but also source buffer by the
> written amount of bytes. When we have __output_custom(), this is actually
> wrong since in that case the source buffer points to a non-linear object,
> in our case an skb, which the copy_func helper is supposed to walk.
> Therefore, since this is non-linear we thus need to pass the offset into
> the helper, so that copy_func can use it for extracting the data from
> the source object.
> 
> Therefore, adjust the callback signatures properly and pass offset
> into the skb_header_pointer() invoked from bpf_skb_copy() callback. The
> __DEFINE_OUTPUT_COPY_BODY() is adjusted to accommodate for two things:
> i) to pass in whether we should advance source buffer or not; this is
> a compile-time constant condition, ii) to pass in the offset for
> __output_custom(), which we do with help of __VA_ARGS__, so everything
> can stay inlined as is currently. Both changes allow for adapting the
> __output_* fast-path helpers w/o extra overhead.
> 
> Fixes: 555c8a8623a3 ("bpf: avoid stack copy and use skb ctx for event output")
> Fixes: 7e3f977edd0b ("perf, events: add non-linear data support for raw records")
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> Acked-by: Alexei Starovoitov <ast@...nel.org>

Applied.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ