lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170511.211406.1201174799693258613.davem@davemloft.net> Date: Thu, 11 May 2017 21:14:06 -0400 (EDT) From: David Miller <davem@...emloft.net> To: ast@...com Cc: daniel@...earbox.net, alexei.starovoitov@...il.com, netdev@...r.kernel.org Subject: Re: [PATCH v2 1/7] bpf: Track alignment of register values in the verifier. From: Alexei Starovoitov <ast@...com> Date: Thu, 11 May 2017 15:53:06 -0700 > On 5/11/17 9:05 AM, David Miller wrote: >> + had_id = (dst_reg->id != 0); >> + >> /* dst_reg stays as pkt_ptr type and since some positive >> * integer value was added to the pointer, increment its 'id' >> */ >> dst_reg->id = ++env->id_gen; >> >> - /* something was added to pkt_ptr, set range and off to zero */ >> + /* something was added to pkt_ptr, set range to zero */ >> + dst_reg->aux_off = dst_reg->off; > > what about 2nd addition of a variable to pkt_ptr ? > aux_off sort-of remembers already accumulated offset in pkt_ptr, but > above line will hard assign it which doesn't seem right for the 2nd > addition. > Ex: > before first add, reg->off == 14 > after first add, aux_off = 14, off = 0 > then imm4 added, now we have reg->off=4, aux_off=14 > now we do 2nd add of variable and > reg->aux_off becomes 4 > and if we later do u64 load from the packet it will be rejected > due to (net_ip_align + 4) whereas it should have been ok > due to (net_ip_align + 14 + 4). Indeed, we have to accumulate. I was just thinking about this earlier today. Thanks for pointing this out, I'll work on a fix and write some test cases.
Powered by blists - more mailing lists