lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Nov 2016 19:10:17 -0800 From: Alexei Starovoitov <alexei.starovoitov@...il.com> To: Josef Bacik <jbacik@...com> Cc: jannh@...gle.com, ast@...nel.org, daniel@...earbox.net, davem@...emloft.net, netdev@...r.kernel.org Subject: Re: [PATCH net][v2] bpf: fix range arithmetic for bpf map access On Mon, Nov 14, 2016 at 03:45:36PM -0500, Josef Bacik wrote: > I made some invalid assumptions with BPF_AND and BPF_MOD that could result in > invalid accesses to bpf map entries. Fix this up by doing a few things > > 1) Kill BPF_MOD support. This doesn't actually get used by the compiler in real > life and just adds extra complexity. > > 2) Fix the logic for BPF_AND, don't allow AND of negative numbers and set the > minimum value to 0 for positive AND's. > > 3) Don't do operations on the ranges if they are set to the limits, as they are > by definition undefined, and allowing arithmetic operations on those values > could make them appear valid when they really aren't. > > This fixes the testcase provided by Jann as well as a few other theoretical > problems. > > Reported-by: Jann Horn <jannh@...gle.com> > Signed-off-by: Josef Bacik <jbacik@...com> lgtm. Acked-by: Alexei Starovoitov <ast@...nel.org> Jann, could you please double check the logic. Thanks!
Powered by blists - more mailing lists