| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2a6762cb-fbf5-42ce-ed41-4f1a6c84ae44@stressinduktion.org>
Date: Thu, 27 Apr 2017 13:39:24 +0200
From: Hannes Frederic Sowa <hannes@...essinduktion.org>
To: Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org
Cc: ast@...nel.org, daniel@...earbox.com, jbenc@...hat.com,
aconole@...heb.org
Subject: Re: [PATCH net-next 4/6] bpf: track if the bpf program was loaded
with SYS_ADMIN capabilities
On 26.04.2017 23:04, Daniel Borkmann wrote:
> On 04/26/2017 08:24 PM, Hannes Frederic Sowa wrote:
>> diff --git a/net/core/filter.c b/net/core/filter.c
>> index 9a37860a80fc78..dc020d40bb770a 100644
>> --- a/net/core/filter.c
>> +++ b/net/core/filter.c
>> @@ -1100,7 +1100,7 @@ int bpf_prog_create(struct bpf_prog **pfp,
>> struct sock_fprog_kern *fprog)
>> if (!bpf_check_basics_ok(fprog->filter, fprog->len))
>> return -EINVAL;
>>
>> - fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
>> + fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0, false);
>> if (!fp)
>> return -ENOMEM;
>>
>
> Did you check that transferring allow_ptr_leaks doesn't have a side
> effect on the nfp JIT? I believe it can also do cbpf migrations to
> a certain extend.
Initially I grepped allow_ptr_leaks usages and didn't see it. I just
looked through the code path and didn't see how it could have an impact.
Also, cbpf programs shouldn't depend on allow_ptr_leak to the best of my
knowledge, no?
Thanks,
Hannes
Powered by blists - more mailing lists