lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54078FBC.5050402@redhat.com>
Date:	Thu, 04 Sep 2014 00:01:32 +0200
From:	Daniel Borkmann <dborkman@...hat.com>
To:	Denis Kirjanov <kda@...ux-powerpc.org>
CC:	netdev@...r.kernel.org,
	Markos Chandras <markos.chandras@...tec.com>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	Alexei Starovoitov <alexei.starovoitov@...il.com>
Subject: Re: [PATCH v2 net-next] net: filter: export pkt_type_offset() helper

On 09/03/2014 11:08 PM, Denis Kirjanov wrote:
> Currently we have 2 pkt_type_offset functions doing
> the same thing and spread across the architecture files.
> Let's use the generic helper routine.
>
> Signed-off-by: Denis Kirjanov <kda@...ux-powerpc.org>
> Cc: Markos Chandras <markos.chandras@...tec.com>
> Cc: Martin Schwidefsky <schwidefsky@...ibm.com>
> Cc: Daniel Borkmann <dborkman@...hat.com>
> Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>
>
> V2: Initialize the pkt_type_offset through the pure_initcall()
> ---
>   arch/mips/net/bpf_jit.c      | 27 ++-------------------------
>   arch/s390/net/bpf_jit_comp.c | 31 -------------------------------
>   include/linux/filter.h       |  2 ++
>   net/core/filter.c            | 16 +++++++++++++---
>   4 files changed, 17 insertions(+), 59 deletions(-)
>
> diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c
> index 05a5661..bb9b53f 100644
> --- a/arch/mips/net/bpf_jit.c
> +++ b/arch/mips/net/bpf_jit.c
> @@ -765,27 +765,6 @@ static u64 jit_get_skb_w(struct sk_buff *skb, unsigned offset)
>   	return (u64)err << 32 | ntohl(ret);
>   }
>
> -#ifdef __BIG_ENDIAN_BITFIELD
> -#define PKT_TYPE_MAX	(7 << 5)
> -#else
> -#define PKT_TYPE_MAX	7
> -#endif
> -static int pkt_type_offset(void)
> -{
> -	struct sk_buff skb_probe = {
> -		.pkt_type = ~0,
> -	};
> -	u8 *ct = (u8 *)&skb_probe;
> -	unsigned int off;
> -
> -	for (off = 0; off < sizeof(struct sk_buff); off++) {
> -		if (ct[off] == PKT_TYPE_MAX)
> -			return off;
> -	}
> -	pr_err_once("Please fix pkt_type_offset(), as pkt_type couldn't be found\n");
> -	return -1;
> -}
> -
>   static int build_body(struct jit_ctx *ctx)
>   {
>   	void *load_func[] = {jit_get_skb_b, jit_get_skb_h, jit_get_skb_w};
> @@ -1332,11 +1311,9 @@ jmp_cmp:
>   		case BPF_ANC | SKF_AD_PKTTYPE:
>   			ctx->flags |= SEEN_SKB;
>
> -			off = pkt_type_offset();
> -
> -			if (off < 0)
> +			if (pkt_type_offset < 0)
>   				return -1;
> -			emit_load_byte(r_tmp, r_skb, off, ctx);
> +			emit_load_byte(r_tmp, r_skb, pkt_type_offset, ctx);
>   			/* Keep only the last 3 bits */
>   			emit_andi(r_A, r_tmp, PKT_TYPE_MAX, ctx);
>   #ifdef __BIG_ENDIAN_BITFIELD
> diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
> index 61e45b7..caa0cab 100644
> --- a/arch/s390/net/bpf_jit_comp.c
> +++ b/arch/s390/net/bpf_jit_comp.c
> @@ -223,37 +223,6 @@ static void bpf_jit_epilogue(struct bpf_jit *jit)
>   	EMIT2(0x07fe);
>   }
>
> -/* Helper to find the offset of pkt_type in sk_buff
> - * Make sure its still a 3bit field starting at the MSBs within a byte.
> - */
> -#define PKT_TYPE_MAX 0xe0
> -static int pkt_type_offset;
> -
> -static int __init bpf_pkt_type_offset_init(void)
> -{
> -	struct sk_buff skb_probe = {
> -		.pkt_type = ~0,
> -	};
> -	char *ct = (char *)&skb_probe;
> -	int off;
> -
> -	pkt_type_offset = -1;
> -	for (off = 0; off < sizeof(struct sk_buff); off++) {
> -		if (!ct[off])
> -			continue;
> -		if (ct[off] == PKT_TYPE_MAX)
> -			pkt_type_offset = off;
> -		else {
> -			/* Found non matching bit pattern, fix needed. */
> -			WARN_ON_ONCE(1);
> -			pkt_type_offset = -1;
> -			return -1;
> -		}
> -	}
> -	return 0;
> -}
> -device_initcall(bpf_pkt_type_offset_init);
> -
>   /*
>    * make sure we dont leak kernel information to user
>    */
> diff --git a/include/linux/filter.h b/include/linux/filter.h
> index a5227ab..6814b54 100644
> --- a/include/linux/filter.h
> +++ b/include/linux/filter.h
> @@ -424,6 +424,8 @@ static inline void *bpf_load_pointer(const struct sk_buff *skb, int k,
>   	return bpf_internal_load_pointer_neg_helper(skb, k, size);
>   }
>
> +extern __read_mostly int pkt_type_offset;
> +

Nit:

extern unsigned int pkt_type_offset;

(Perhaps this should also rather be named bpf_pkt_type_offset to not
  cause any current/future name collisions when it's in the header?)

>   #ifdef CONFIG_BPF_JIT
>   #include <stdarg.h>
>   #include <linux/linkage.h>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index d814b8a..edd17f1 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -96,21 +96,29 @@ EXPORT_SYMBOL(sk_filter);
>   #else
>   #define PKT_TYPE_MAX	7
>   #endif
> -static unsigned int pkt_type_offset(void)
> +
> +__read_mostly int pkt_type_offset;

Nit:

unsigned int pkt_type_offset __read_mostly;

> +static int __init init_pkt_type_offset(void)
>   {
>   	struct sk_buff skb_probe = { .pkt_type = ~0, };
>   	u8 *ct = (u8 *) &skb_probe;
>   	unsigned int off;
>
> +	pkt_type_offset = -1;
>   	for (off = 0; off < sizeof(struct sk_buff); off++) {
> -		if (ct[off] == PKT_TYPE_MAX)
> +		if (ct[off] == PKT_TYPE_MAX) {
> +			pkt_type_offset = off;
>   			return off;
> +		}
>   	}

Why not BUG_ON() when pkt_type_offset could not be found?

That way we would know that something is broken and you can
spare the checks for negative offsets everywhere ...

>   	pr_err_once("Please fix %s, as pkt_type couldn't be found!\n", __func__);
>   	return -1;
>   }
>
> +pure_initcall(init_pkt_type_offset);
> +
>   static u64 __skb_get_pay_offset(u64 ctx, u64 a, u64 x, u64 r4, u64 r5)
>   {
>   	return __skb_get_poff((struct sk_buff *)(unsigned long) ctx);
> @@ -190,8 +198,10 @@ static bool convert_bpf_extensions(struct sock_filter *fp,
>   		break;
>
>   	case SKF_AD_OFF + SKF_AD_PKTTYPE:
> +		if (pkt_type_offset < 0)
> +			return false;
>   		*insn = BPF_LDX_MEM(BPF_B, BPF_REG_A, BPF_REG_CTX,
> -				    pkt_type_offset());
> +				    pkt_type_offset);
>   		if (insn->off < 0)
>   			return false;
>   		insn++;
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ