| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160719215931.GG64618@ast-mbp.thefacebook.com>
Date: Tue, 19 Jul 2016 14:59:32 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Brenden Blanco <bblanco@...mgrid.com>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
Jamal Hadi Salim <jhs@...atatu.com>,
Saeed Mahameed <saeedm@....mellanox.co.il>,
Martin KaFai Lau <kafai@...com>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Ari Saha <as754m@....com>, Or Gerlitz <gerlitz.or@...il.com>,
john.fastabend@...il.com, hannes@...essinduktion.org,
Thomas Graf <tgraf@...g.ch>, Tom Herbert <tom@...bertland.com>,
Daniel Borkmann <daniel@...earbox.net>,
Tariq Toukan <ttoukan.linux@...il.com>
Subject: Re: [PATCH v10 11/12] bpf: enable direct packet data write for xdp
progs
On Tue, Jul 19, 2016 at 12:16:56PM -0700, Brenden Blanco wrote:
> For forwarding to be effective, XDP programs should be allowed to
> rewrite packet data.
>
> This requires that the drivers supporting XDP must all map the packet
> memory as TODEVICE or BIDIRECTIONAL before invoking the program.
>
> Signed-off-by: Brenden Blanco <bblanco@...mgrid.com>
> ---
> kernel/bpf/verifier.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index a8d67d0..f72f23b 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -653,6 +653,16 @@ static int check_map_access(struct verifier_env *env, u32 regno, int off,
>
> #define MAX_PACKET_OFF 0xffff
>
> +static bool may_write_pkt_data(enum bpf_prog_type type)
> +{
> + switch (type) {
> + case BPF_PROG_TYPE_XDP:
> + return true;
> + default:
> + return false;
> + }
> +}
> +
> static int check_packet_access(struct verifier_env *env, u32 regno, int off,
> int size)
> {
> @@ -806,10 +816,15 @@ static int check_mem_access(struct verifier_env *env, u32 regno, int off,
> err = check_stack_read(state, off, size, value_regno);
> }
> } else if (state->regs[regno].type == PTR_TO_PACKET) {
> - if (t == BPF_WRITE) {
> + if (t == BPF_WRITE && !may_write_pkt_data(env->prog->type)) {
> verbose("cannot write into packet\n");
> return -EACCES;
> }
> + if (t == BPF_WRITE && value_regno >= 0 &&
> + is_pointer_value(env, value_regno)) {
> + verbose("R%d leaks addr into packet\n", value_regno);
> + return -EACCES;
> + }
Like this extra security check :) though it's arguably overkill.
Acked-by: Alexei Starovoitov <ast@...nel.org>
Powered by blists - more mailing lists