lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ed5cozsc7mduzmgbwrlw3lou4tlb6zpivhs2xrqwgpq2rhvkue@l7aifknll4tb>
Date: Thu, 21 Mar 2024 09:45:05 +0100
From: Ilya Leoshkevich <iii@...ux.ibm.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Puranjay Mohan <puranjay12@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>,
        Yonghong Song <yonghong.song@...ux.dev>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
        Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, X86 ML <x86@...nel.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Jean-Philippe Brucker <jean-philippe@...aro.org>,
        Network Development <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf] bpf: verifier: prevent userspace memory access

On Wed, Mar 20, 2024 at 11:08:00PM -0700, Alexei Starovoitov wrote:
> On Wed, Mar 20, 2024 at 3:55 AM Puranjay Mohan <puranjay12@...il.com> wrote:
> >
> > The JITs need to implement bpf_arch_uaddress_limit() to define where
> > the userspace addresses end for that architecture or TASK_SIZE is taken
> > as default.
> >
> > The implementation is as follows:
> >
> > REG_AX =  SRC_REG
> > if(offset)
> >         REG_AX += offset;
> > REG_AX >>= 32;
> > if (REG_AX <= (uaddress_limit >> 32))
> >         DST_REG = 0;
> > else
> >         DST_REG = *(size *)(SRC_REG + offset);
> 
> The patch looks good, but it seems to be causing s390 CI failures.
> 
> Ilya,
> could you help us understand is this check needed on s390
> and if so, what should be the uaddress_limit ?

s390x does not define ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
Userspace and kernel run in completely different and isolated address
spaces, so it's not possible to determine from a pointer value whether
it's a user or a kernel pointer.
But the good news is that whatever you deference without using
special instruction sequences will refer to the kernel address space.
So I wonder if we could somehow disable this check on s390x altogether?
And if we are not sure whether it's a valid pointer, use BPF_PROBE_MEM
as always.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ