lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 04 Apr 2017 19:26:19 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Johannes Berg <johannes@...solutions.net>, netdev@...r.kernel.org
CC:     Alexei Starovoitov <ast@...nel.org>,
        Johannes Berg <johannes.berg@...el.com>
Subject: Re: [PATCH] bpf: use 'ctx' instead of 'skb' in debug message

On 04/04/2017 04:46 PM, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@...el.com>
>
> The error message here should mention 'ctx' since the context
> is now more generic than just an skb.
>
> Signed-off-by: Johannes Berg <johannes.berg@...el.com>
> ---
>   kernel/bpf/verifier.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 796b68d00119..1b3c921d3798 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -2329,7 +2329,7 @@ static int check_ld_abs(struct bpf_verifier_env *env, struct bpf_insn *insn)
>   		return err;
>
>   	if (regs[BPF_REG_6].type != PTR_TO_CTX) {
> -		verbose("at the time of BPF_LD_ABS|IND R6 != pointer to skb\n");
> +		verbose("at the time of BPF_LD_ABS|IND R6 != pointer to ctx\n");
>   		return -EINVAL;

Seems okay, the reason why we had 'skb' in the verbose message here is
due to BPF_LD + BPF_ABS/BPF_IND operations being only specific to skbs
and no other context (see __bpf_prog_run(), and in verifier may_access_skb()
check before that verbose() message in check_ld_abs()). Reason for this
is mostly historical due to the cBPF to eBPF migration so that these loads
don't get slowed down when migrated to eBPF and can be handled by JIT
optimizations (e.g., caching skb->data), too. Anyway, just to provide
some more background on this. I've no strong opinion if you want to change
the verifier error message, so:

Acked-by: Daniel Borkmann <daniel@...earbox.net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ