lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAADnVQJzfnK0Mv6HVKZ38VDuAemzbmSMeYscf77YoEy0SgWw+A@mail.gmail.com>
Date: Sun, 24 Mar 2024 13:43:06 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: David Laight <David.Laight@...lab.com>
Cc: Puranjay Mohan <puranjay12@...il.com>, Ilya Leoshkevich <iii@...ux.ibm.com>, 
	"David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, 
	Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, 
	Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, 
	Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, 
	KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, 
	Jiri Olsa <jolsa@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, 
	Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, X86 ML <x86@...nel.org>, 
	"H. Peter Anvin" <hpa@...or.com>, Jean-Philippe Brucker <jean-philippe@...aro.org>, 
	Network Development <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>, 
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf] bpf: verifier: prevent userspace memory access

On Sun, Mar 24, 2024 at 1:05 PM David Laight <David.Laight@...lab.com> wrote:
>
> From: Alexei Starovoitov
> > Sent: 21 March 2024 06:08
> >
> > On Wed, Mar 20, 2024 at 3:55 AM Puranjay Mohan <puranjay12@...il.com> wrote:
> > >
> > > The JITs need to implement bpf_arch_uaddress_limit() to define where
> > > the userspace addresses end for that architecture or TASK_SIZE is taken
> > > as default.
> > >
> > > The implementation is as follows:
> > >
> > > REG_AX =  SRC_REG
> > > if(offset)
> > >         REG_AX += offset;
> > > REG_AX >>= 32;
> > > if (REG_AX <= (uaddress_limit >> 32))
> > >         DST_REG = 0;
> > > else
> > >         DST_REG = *(size *)(SRC_REG + offset);
> >
> > The patch looks good, but it seems to be causing s390 CI failures.
>
> I'm confused by the need for this check (and, IIRC, some other bpf
> code that does kernel copies that can fault - and return an error).
>
> I though that the entire point of bpf was that is sanitised and
> verified everything to limit what the 'program' could do in order
> to stop it overwriting (or even reading) kernel structures that
> is wasn't supposed to access.
>
> So it just shouldn't have a address that might be (in any way)
> invalid.

bpf tracing progs can call bpf_probe_read_kernel() which
can read any kernel memory.
This is nothing but an inlined version of it.

> The only possible address verify is access_ok() to ensure that
> a uses address really is a user address.

access_ok() considerations don't apply.
We're not dealing with user memory access.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ