| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <874iwwlejx.fsf@fau.de> Date: Tue, 03 Jun 2025 23:07:30 +0200 From: Luis Gerhorst <luis.gerhorst@....de> To: Kumar Kartikeya Dwivedi <memxor@...il.com> Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Puranjay Mohan <puranjay@...nel.org>, Xu Kuohai <xukuohai@...weicloud.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Hari Bathini <hbathini@...ux.ibm.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Naveen N Rao <naveen@...nel.org>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>, Henriette Herzog <henriette.herzog@....de>, Saket Kumar Bhaskar <skb99@...ux.ibm.com>, Cupertino Miranda <cupertino.miranda@...cle.com>, Jiayuan Chen <mrpre@....com>, Matan Shachnai <m.shachnai@...il.com>, Dimitar Kanaliev <dimitar.kanaliev@...eground.com>, Shung-Hsi Yu <shung-hsi.yu@...e.com>, Daniel Xu <dxu@...uu.xyz>, bpf@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-kselftest@...r.kernel.org, Maximilian Ott <ott@...fau.de>, Milan Stephan <milan.stephan@....de> Subject: Re: [PATCH bpf-next v3 10/11] bpf: Allow nospec-protected var-offset stack access Kumar Kartikeya Dwivedi <memxor@...il.com> writes: > Hmm, while reading related code, I noticed that sanitize_check_bounds > returns 0 in case the type is not map_value or stack. > It seems like it should be returning an error, cannot check right now > but I'm pretty sure these are not the two pointer types unprivileged > programs can access? > So smells like a bug? I now looked into this and as suspected it does not appear to be a bug but only misleading code, I have sent a patch with a detailed explanation and an assert: https://lore.kernel.org/bpf/20250603204557.332447-1-luis.gerhorst@fau.de/T/#u
Powered by blists - more mailing lists