| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Aug 2020 23:03:45 -0700
From: Yonghong Song <yhs@...com>
To: Udip Pant <udippant@...com>, Alexei Starovoitov <ast@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>,
Andrii Nakryiko <andriin@...com>,
"David S . Miller" <davem@...emloft.net>
CC: <netdev@...r.kernel.org>, <bpf@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf] bpf: verifier: check for packet data access based on
target prog
On 8/18/20 6:12 PM, Udip Pant wrote:
> While using dynamic program extension (of type BPF_PROG_TYPE_EXT), we
> need to check the program type of the target program to grant the read /
> write access to the packet data.
>
> The BPF_PROG_TYPE_EXT type can be used to extend types such as XDP, SKB
> and others. Since the BPF_PROG_TYPE_EXT program type on itself is just a
> placeholder for those, we need this extended check for those target
> programs to actually work while using this option.
>
> Tested this with a freplace xdp program. Without this patch, the
> verifier fails with error 'cannot write into packet'.
Could you add a selftest for this? FYI, current selftests/bpf have
4 freplace programs:
fexit_bpf2bpf.c:SEC("freplace/get_skb_len")
fexit_bpf2bpf.c:SEC("freplace/get_skb_ifindex")
fexit_bpf2bpf.c:SEC("freplace/get_constant")
freplace_connect4.c:SEC("freplace/do_bind")
>
> Signed-off-by: Udip Pant <udippant@...com>
> ---
> kernel/bpf/verifier.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index ef938f17b944..4d7604430994 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2629,7 +2629,11 @@ static bool may_access_direct_pkt_data(struct bpf_verifier_env *env,
> const struct bpf_call_arg_meta *meta,
> enum bpf_access_type t)
> {
> - switch (env->prog->type) {
> + struct bpf_prog *prog = env->prog;
> + enum bpf_prog_type prog_type = prog->aux->linked_prog ?
> + prog->aux->linked_prog->type : prog->type;
> +
> + switch (prog_type) {
> /* Program types only with direct read access go here! */
> case BPF_PROG_TYPE_LWT_IN:
> case BPF_PROG_TYPE_LWT_OUT:
>
Powered by blists - more mailing lists