lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAADnVQ+PDTTBT5GEZQhnoF0Ni8JVbRD5A+zWRH6DO45Kc-Zn=Q@mail.gmail.com>
Date:   Tue, 15 Oct 2019 16:02:25 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Christian Brauner <christian.brauner@...ntu.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        bpf <bpf@...r.kernel.org>, Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Network Development <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/3] bpf: switch to new usercopy helpers

On Tue, Oct 15, 2019 at 3:55 PM Christian Brauner
<christian.brauner@...ntu.com> wrote:
>
> On Tue, Oct 15, 2019 at 03:45:54PM -0700, Alexei Starovoitov wrote:
> > On Thu, Oct 10, 2019 at 2:26 AM Christian Brauner
> > <christian.brauner@...ntu.com> wrote:
> > >
> > > On Wed, Oct 09, 2019 at 04:06:18PM -0700, Alexei Starovoitov wrote:
> > > > On Wed, Oct 9, 2019 at 9:09 AM Christian Brauner
> > > > <christian.brauner@...ntu.com> wrote:
> > > > >
> > > > > Hey everyone,
> > > > >
> > > > > In v5.4-rc2 we added two new helpers check_zeroed_user() and
> > > > > copy_struct_from_user() including selftests (cf. [1]). It is a generic
> > > > > interface designed to copy a struct from userspace. The helpers will be
> > > > > especially useful for structs versioned by size of which we have quite a
> > > > > few.
> > > > >
> > > > > The most obvious benefit is that this helper lets us get rid of
> > > > > duplicate code. We've already switched over sched_setattr(), perf_event_open(),
> > > > > and clone3(). More importantly it will also help to ensure that users
> > > > > implementing versioning-by-size end up with the same core semantics.
> > > > >
> > > > > This point is especially crucial since we have at least one case where
> > > > > versioning-by-size is used but with slighly different semantics:
> > > > > sched_setattr(), perf_event_open(), and clone3() all do do similar
> > > > > checks to copy_struct_from_user() while rt_sigprocmask(2) always rejects
> > > > > differently-sized struct arguments.
> > > > >
> > > > > This little series switches over bpf codepaths that have hand-rolled
> > > > > implementations of these helpers.
> > > >
> > > > check_zeroed_user() is not in bpf-next.
> > > > we will let this set sit in patchworks for some time until bpf-next
> > > > is merged back into net-next and we fast forward it.
> > > > Then we can apply it (assuming no conflicts).
> > >
> > > Sounds good to me. Just ping me when you need me to resend rebase onto
> > > bpf-next.
> >
> > -rc1 is now in bpf-next.
> > I took a look at patches and they look good overall.
> >
> > In patches 2 and 3 the zero init via "= {};"
> > should be unnecessary anymore due to
> > copy_struct_from_user() logic, right?
>
> Right, I can remove them.
>
> >
> > Could you also convert all other case in kernel/bpf/,
> > so bpf_check_uarg_tail_zero() can be removed ?
> > Otherwise the half-way conversion will look odd.
>
> Hm, I thought I did that and concluded that bpf_check_uarg_tail_zero()
> can't be removed because sometimes it is called to verify whether a
> given struct is zeroed but nothing is actually copied from userspace but
> rather to userspace. See for example
> v5.4-rc3:kernel/bpf/syscall.c:bpf_map_get_info_by_fd()
> All call sites where something is actually copied from userspace I've
> switched to copy_struct_from_user().

I see. You're right.
Could you update the comment in bpf_check_uarg_tail_zero()
to clarify that copy_struct_from_user() should be used whenever
possible instead ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ