lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 12 Jan 2017 09:25:20 +0100
From:   Quentin Monnet <quentin.monnet@...nd.com>
To:     Daniel Borkmann <daniel@...earbox.net>, davem@...emloft.net
Cc:     alexei.starovoitov@...il.com, netdev@...r.kernel.org
Subject: Re: [PATCH net-next 2/2] bpf: allow b/h/w/dw access for bpf's cb in
 ctx

Hi Daniel,

2017-01-12 (02:21 +0100) ~ Daniel Borkmann <daniel@...earbox.net>
> When structs are used to store temporary state in cb[] buffer that is
> used with programs and among tail calls, then the generated code will
> not always access the buffer in bpf_w chunks. We can ease programming
> of it and let this act more natural by allowing for aligned b/h/w/dw
> sized access for cb[] ctx member. Various test cases are attached as
> well for the selftest suite. Potentially, this can also be reused for
> other program types to pass data around.
> 
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> Acked-by: Alexei Starovoitov <ast@...nel.org>
> ---
>  kernel/bpf/verifier.c                       |   8 +-
>  net/core/filter.c                           |  41 ++-
>  tools/testing/selftests/bpf/test_verifier.c | 442 +++++++++++++++++++++++++++-
>  3 files changed, 478 insertions(+), 13 deletions(-)
> 

[...]

> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 9bb4534..f664bed 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -859,15 +859,451 @@ struct test_val {

[...]

> +	{
> +		"check cb access: doulbe, oob 5",
> +		.insns = {
> +			BPF_MOV64_IMM(BPF_REG_0, 0),
> +			BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
> +				    offsetof(struct __sk_buff, cb[4]) + 8),
> +			BPF_EXIT_INSN(),
> +		},
> +		.errstr = "invalid bpf_context access",
> +		.result = REJECT,
> +	},

Nitpicking: typo ("doulbe").

Regards,
Quentin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ