lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20180928132944.GA30652@castle.intern>
Date:   Fri, 28 Sep 2018 14:29:50 +0100
From:   Roman Gushchin <guro@...com>
To:     Daniel Borkmann <daniel@...earbox.net>
CC:     <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <kernel-team@...com>, Alexei Starovoitov <ast@...nel.org>
Subject: Re: [PATCH bpf-next] bpf: fix flags check in
 bpf_percpu_cgroup_storage_update()

On Fri, Sep 28, 2018 at 02:11:48PM +0200, Daniel Borkmann wrote:
> On 09/28/2018 01:06 PM, Roman Gushchin wrote:
> > Fix an issue in bpf_percpu_cgroup_storage_update(): it should return
> > -EINVAL on an attempt to pass BPF_NOEXIST rather than BPF_EXIST.
> > 
> > Cgroup local storage is automatically created on attaching of a bpf
> > program to a cgroup, and it can't be done from the userspace.
> > 
> > Fixes: 0daef9b42374 ("bpf: introduce per-cpu cgroup local storage")
> > Signed-off-by: Roman Gushchin <guro@...com>
> > Cc: Daniel Borkmann <daniel@...earbox.net>
> > Cc: Alexei Starovoitov <ast@...nel.org>
> > ---
> >  kernel/bpf/local_storage.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
> > index c739f6dcc3c2..190535f6d5e2 100644
> > --- a/kernel/bpf/local_storage.c
> > +++ b/kernel/bpf/local_storage.c
> > @@ -191,7 +191,7 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *_map, void *_key,
> >  	int cpu, off = 0;
> >  	u32 size;
> >  
> > -	if (unlikely(map_flags & BPF_EXIST))
> > +	if (map_flags & BPF_NOEXIST)
> >  		return -EINVAL;
> 
> Hmm, this is also incorrect as any future reserved flag would be accepted here and
> couldn't be extended anymore. :/ And it looks like cgroup_storage_update_elem() is
> doing the same today, given the cgroups local storage is still early, we should route
> a patch to stable for fixing this.

Fair enough, will post soon.

> 
> Wrt this series, given the series is top of tree right now, I would prefer a fresh
> respin so we have the fix integrated properly w/o follow-up. Perhaps this could also
> incorporate Alexei's previous cleanup suggestions as well from today if you have a
> chance.

I'm not sure about merging copy() and update() functions, as large #define
blocks are really bad. So I'd think a bit more here. Will do the rest.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ