| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQLC_zViaCs5Huu63Jr2oCx1NGY3f_VCkJhrKvqst7HL=g@mail.gmail.com> Date: Mon, 9 Jun 2025 22:31:31 -0700 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Luis Gerhorst <luis.gerhorst@....de> Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Puranjay Mohan <puranjay@...nel.org>, Xu Kuohai <xukuohai@...weicloud.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Hari Bathini <hbathini@...ux.ibm.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Naveen N Rao <naveen@...nel.org>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>, Henriette Herzog <henriette.herzog@....de>, Saket Kumar Bhaskar <skb99@...ux.ibm.com>, Cupertino Miranda <cupertino.miranda@...cle.com>, Jiayuan Chen <mrpre@....com>, Matan Shachnai <m.shachnai@...il.com>, Dimitar Kanaliev <dimitar.kanaliev@...eground.com>, Shung-Hsi Yu <shung-hsi.yu@...e.com>, Daniel Xu <dxu@...uu.xyz>, bpf <bpf@...r.kernel.org>, linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>, LKML <linux-kernel@...r.kernel.org>, ppc-dev <linuxppc-dev@...ts.ozlabs.org>, "open list:KERNEL SELFTEST FRAMEWORK" <linux-kselftest@...r.kernel.org>, Kumar Kartikeya Dwivedi <memxor@...il.com>, Maximilian Ott <ott@...fau.de>, Milan Stephan <milan.stephan@....de> Subject: Re: [PATCH bpf-next v4 9/9] bpf: Fall back to nospec for sanitization-failures On Tue, Jun 3, 2025 at 2:32 PM Luis Gerhorst <luis.gerhorst@....de> wrote: > > ALU sanitization was introduced to ensure that a subsequent ptr access > can never go OOB, even under speculation. This is required because we > currently allow speculative scalar confusion. Spec. scalar confusion is > possible because Spectre v4 sanitization only adds a nospec after > critical stores (e.g., scalar overwritten with a pointer). > > If we add a nospec before the ALU op, none of the operands can be > subject to scalar confusion. As an ADD/SUB can not introduce scalar > confusion itself, the result will also not be subject to scalar > confusion. Therefore, the subsequent ptr access is always safe. > > We directly fall back to nospec for the sanitization errors > REASON_BOUNDS, _TYPE, _PATHS, and _LIMIT, even if we are not on a > speculative path. > > For REASON_STACK, we return the error -ENOMEM directly now. Previously, > sanitize_err() returned -EACCES for this case but we change it to > -ENOMEM because doing so prevents do_check() from falling back to a > nospec if we are on a speculative path. This would not be a serious > issue (the verifier would probably run into the -ENOMEM again shortly on > the next non-speculative path and still abort verification), but -ENOMEM > is more fitting here anyway. An alternative would be -EFAULT, which is > also returned for some of the other cases where push_stack() fails, but > this is more frequently used for verifier-internal bugs. > > Signed-off-by: Luis Gerhorst <luis.gerhorst@....de> > Acked-by: Kumar Kartikeya Dwivedi <memxor@...il.com> > Acked-by: Henriette Herzog <henriette.herzog@....de> > Cc: Maximilian Ott <ott@...fau.de> > Cc: Milan Stephan <milan.stephan@....de> > --- > kernel/bpf/verifier.c | 89 ++++++----------- > .../selftests/bpf/progs/verifier_bounds.c | 5 +- > .../bpf/progs/verifier_bounds_deduction.c | 45 ++++++--- > .../selftests/bpf/progs/verifier_map_ptr.c | 20 +++- > .../bpf/progs/verifier_value_ptr_arith.c | 97 ++++++++++++++++--- > 5 files changed, 160 insertions(+), 96 deletions(-) I applied the first 8, but this patch had odd merge conflicts and I didn't want to risk it. Please rebase.
Powered by blists - more mailing lists