[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <615a2102-2244-f0be-6375-16cf795715ef@iogearbox.net>
Date: Fri, 2 Sep 2022 14:47:59 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Shung-Hsi Yu <shung-hsi.yu@...e.com>
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Alexei Starovoitov <ast@...nel.org>,
John Fastabend <john.fastabend@...il.com>
Subject: Re: [RFC bpf-next 1/2] bpf: tnums: warn against the usage of
tnum_in(tnum_range(), ...)
On 9/2/22 5:52 AM, Shung-Hsi Yu wrote:
> On Thu, Sep 01, 2022 at 05:00:58PM +0200, Daniel Borkmann wrote:
>> On 8/31/22 5:19 AM, Shung-Hsi Yu wrote:
>>> Commit a657182a5c51 ("bpf: Don't use tnum_range on array range checking
>>> for poke descriptors") has shown that using tnum_range() as argument to
>>> tnum_in() can lead to misleading code that looks like tight bound check
>>> when in fact the actual allowed range is much wider.
>>>
>>> Document such behavior to warn against its usage in general, and suggest
>>> some scenario where result can be trusted.
>>>
>>> Link: https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/
>>> Link: https://www.openwall.com/lists/oss-security/2022/08/26/1
>>> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@...e.com>
>>
>> Any objections from your side if I merge this? Thanks for adding doc. :)
>
> There is a small typo I meant to fix with s/including/include below.
>
> Other than that, none at all, thanks! :)
Fixed up and applied to bpf-next, thanks!
Powered by blists - more mailing lists