| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170911.143340.2229370127207977653.davem@davemloft.net>
Date: Mon, 11 Sep 2017 14:33:40 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: brouer@...hat.com
Cc: netdev@...r.kernel.org, john.fastabend@...il.com,
andy@...yhouse.net
Subject: Re: [V3 PATCH net] xdp: implement xdp_redirect_map for generic XDP
From: Jesper Dangaard Brouer <brouer@...hat.com>
Date: Sun, 10 Sep 2017 09:47:02 +0200
> Using bpf_redirect_map is allowed for generic XDP programs, but the
> appropriate map lookup was never performed in xdp_do_generic_redirect().
>
> Instead the map-index is directly used as the ifindex. For the
> xdp_redirect_map sample in SKB-mode '-S', this resulted in trying
> sending on ifindex 0 which isn't valid, resulting in getting SKB
> packets dropped. Thus, the reported performance numbers are wrong in
> commit 24251c264798 ("samples/bpf: add option for native and skb mode
> for redirect apps") for the 'xdp_redirect_map -S' case.
>
> Before commit 109980b894e9 ("bpf: don't select potentially stale
> ri->map from buggy xdp progs") it could crash the kernel. Like this
> commit also check that the map_owner owner is correct before
> dereferencing the map pointer. But make sure that this API misusage
> can be caught by a tracepoint. Thus, allowing userspace via
> tracepoints to detect misbehaving bpf_progs.
>
> Fixes: 6103aa96ec07 ("net: implement XDP_REDIRECT for xdp generic")
> Fixes: 24251c264798 ("samples/bpf: add option for native and skb mode for redirect apps")
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
Applied, thanks Jesper.
Powered by blists - more mailing lists