| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <991C3D59-65D5-4B31-B667-EDAF348F9F7F@gmail.com> Date: Tue, 23 Dec 2025 11:15:46 +0800 From: Zesen Liu <ftyghome@...il.com> To: Amery Hung <ameryhung@...il.com> Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Matt Bobrowski <mattbobrowski@...gle.com>, Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu <mhiramat@...nel.org>, Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, Daniel Xu <dxu@...uu.xyz>, Shuah Khan <shuah@...nel.org>, bpf@...r.kernel.org, linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-kselftest@...r.kernel.org, Shuran Liu <electronlsr@...il.com>, Peili Gao <gplhust955@...il.com>, Haoran Ni <haoran.ni.cs@...il.com> Subject: Re: [RFC bpf PATCH 0/2] bpf: Fix memory access tags in helper prototypes Apologies for the resend due to an incorrect configuration in my mail client. Thanks for your comment! > On Dec 23, 2025, at 03:29, Amery Hung <ameryhung@...il.com> wrote: > > Perhaps you are conflating one of your proposals here? This is fine > currently. ARG_PTR_TO_MEM without any annotation is viewed as BPF_READ > so passing a read-only buffer should work. Actually, that is not the case. I tested this again, and ARG_PTR_TO_MEM without MEM_RDONLY does reject read-only buffers. You can reproduce this behavior with test_d_path_check_rdonly_mem in selftests by removing its arg2’s MEM_WRITE tag. > I think it is better to make the MEM_WRITE, MEM_RDONLY annotation > explicit and check it in the verifier. > > Flipping the default MEM_RDONLY semantic to MEM_WRITE does not prevent > a similar bug in the future when we have helpers/optimizations/checks > rely on an implicit semantic. The current default semantic is in an inconsistent state: it implies neither MEM_RDONLY nor MEM_WRITE. A naked ARG_PTR_TO_MEM rejects read-only buffers, yet tells the verifier that the helper does not modify the memory. I see two ways to resolve this ambiguity: 1) Enforce explicit memory access tags (disallow naked ARG_PTR_TO_MEM) as I proposed eariler; or 2) Change ARG_PTR_TO_MEM semantics to behave exactly like ARG_PTR_TO_MEM | MEM_RDONLY. I would appreciate your thoughts on this. :) Thanks, Zesen Liu
Powered by blists - more mailing lists