| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Dec 2017 03:20:32 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Alexei Starovoitov <ast@...nel.org>,
"David S . Miller" <davem@...emloft.net>
Cc: Jann Horn <jannh@...gle.com>, Edward Cree <ecree@...arflare.com>,
netdev@...r.kernel.org, kernel-team@...com
Subject: Re: [PATCH bpf] bpf: do not allow root to mangle valid pointers
On 12/19/2017 05:15 AM, Alexei Starovoitov wrote:
> Do not allow root to convert valid pointers into unknown scalars.
> In particular disallow:
> ptr &= reg
> ptr <<= reg
> ptr += ptr
> and explicitly allow:
> ptr -= ptr
> since pkt_end - pkt == length
>
> 1.
> This minimizes amount of address leaks root can do.
> In the future may need to further tighten the leaks with kptr_restrict.
>
> 2.
> If program has such pointer math it's likely a user mistake and
> when verifier complains about it right away instead of many instructions
> later on invalid memory access it's easier for users to fix their progs.
>
> 3.
> when register holding a pointer cannot change to scalar it allows JITs to
> optimize better. Like 32-bit archs could use single register for pointers
> instead of a pair required to hold 64-bit scalars.
>
> 4.
> reduces architecture dependent behavior. Since code:
> r1 = r10;
> r1 &= 0xff;
> if (r1 ...)
> will behave differently arm64 vs x64 and offloaded vs native.
>
> A significant chunk of ptr mangling was allowed by
> commit f1174f77b50c ("bpf/verifier: rework value tracking")
> yet some of it was allowed even earlier.
>
> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
Series applied to bpf tree, thanks Alexei!
Powered by blists - more mailing lists