| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Nov 2015 15:30:34 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Daniel Borkmann <daniel@...earbox.net> Cc: davem@...emloft.net, Alexei Starovoitov <ast@...nel.org>, netdev <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, syzkaller <syzkaller@...glegroups.com>, Kostya Serebryany <kcc@...gle.com>, Alexander Potapenko <glider@...gle.com>, Eric Dumazet <edumazet@...gle.com>, Sasha Levin <sasha.levin@...cle.com> Subject: Re: [PATCH net] bpf: fix allocation warnings in bpf maps and integer overflow On Mon, Nov 30, 2015 at 11:16:46PM +0100, Daniel Borkmann wrote: > > So, when creating a sufficiently large map where map->key_size + map->value_size > would be > MAX_BPF_STACK (but map->key_size still <= MAX_BPF_STACK), we can only > read the map from an eBPF program, but not update it. In such cases, updates could > only happen from user space application. yes and no. If both key_size + value_size > MAX_BPF_STACK, the program cannot technically call bpf_map_update_elem() helper, but the user space can still populate large map elements and the program can update it, since it can have a pointer via bpf_map_lookup_elem(). So depends on definition of 'update'. btw, the large-ish key support is actually needed too, since on tracing side we need to be able to do map[kernel_stack_and_user_stack]++ and key is multipage long. On userspace side it will be consumed by flamegraphs. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists