| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c0e6689b-62ef-5b91-b7b2-f30d867fb8f5@iogearbox.net>
Date: Tue, 19 Dec 2017 01:46:40 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Yonghong Song <yhs@...com>, ast@...com, netdev@...r.kernel.org
Cc: guro@...com, kernel-team@...com
Subject: Re: [PATCH net-next] bpf/cgroup: fix a verification error for a
CGROUP_DEVICE type prog
On 12/18/2017 07:13 PM, Yonghong Song wrote:
> The tools/testing/selftests/bpf test program
> test_dev_cgroup fails with the following error
> when compiled with llvm 6.0. (I did not try
> with earlier versions.)
>
> libbpf: load bpf program failed: Permission denied
> libbpf: -- BEGIN DUMP LOG ---
> libbpf:
> 0: (61) r2 = *(u32 *)(r1 +4)
> 1: (b7) r0 = 0
> 2: (55) if r2 != 0x1 goto pc+8
> R0=inv0 R1=ctx(id=0,off=0,imm=0) R2=inv1 R10=fp0
> 3: (69) r2 = *(u16 *)(r1 +0)
> invalid bpf_context access off=0 size=2
> ...
>
> The culprit is the following statement in dev_cgroup.c:
> short type = ctx->access_type & 0xFFFF;
> This code is typical as the ctx->access_type is assigned
> as below in kernel/bpf/cgroup.c:
> struct bpf_cgroup_dev_ctx ctx = {
> .access_type = (access << 16) | dev_type,
> .major = major,
> .minor = minor,
> };
>
> The compiler converts it to u16 access while
> the verifier cgroup_dev_is_valid_access rejects
> any non u32 access.
>
> This patch permits the field access_type to be accessible
> with type u16 and u8 as well.
>
> Signed-off-by: Yonghong Song <yhs@...com>
> Tested-by: Roman Gushchin <guro@...com>
Looks good, applied to bpf-next, thanks Yonghong!
Powered by blists - more mailing lists