lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 16 Apr 2015 14:09:21 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	ast@...mgrid.com
Cc:	edumazet@...gle.com, daniel@...earbox.net, tgraf@...g.ch,
	jiri@...nulli.us, jhs@...atatu.com, netdev@...r.kernel.org
Subject: Re: [PATCH net] bpf: fix bpf helpers to use skb->mac_header
 relative offsets

From: Alexei Starovoitov <ast@...mgrid.com>
Date: Wed, 15 Apr 2015 12:55:45 -0700

> For the short-term solution, lets fix bpf helper functions to use
> skb->mac_header relative offsets instead of skb->data in order to
> get the same eBPF programs with cls_bpf and act_bpf work on ingress
> and egress qdisc path. We need to ensure that mac_header is set
> before calling into programs. This is effectively the first option
> from below referenced discussion.
> 
> More long term solution for LD_ABS|LD_IND instructions will be more
> intrusive but also more beneficial than this, and implemented later
> as it's too risky at this point in time.
> 
> I.e., we plan to look into the option of moving skb_pull() out of
> eth_type_trans() and into netif_receive_skb() as has been suggested
> as second option. Meanwhile, this solution ensures ingress can be
> used with eBPF, too, and that we won't run into ABI troubles later.
> For dealing with negative offsets inside eBPF helper functions,
> we've implemented bpf_skb_clone_unwritable() to test for unwriteable
> headers.
> 
> Reference: http://thread.gmane.org/gmane.linux.network/359129/focus=359694
> Fixes: 608cd71a9c7c ("tc: bpf: generalize pedit action")
> Fixes: 91bc4822c3d6 ("tc: bpf: add checksum helpers")
> Signed-off-by: Alexei Starovoitov <ast@...mgrid.com>
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ