Message-ID: <065efa88-d9f2-f3fb-0f81-a8a7bde4ac8c@iogearbox.net>
Date:   Thu, 21 Dec 2017 03:20:32 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Alexei Starovoitov <ast@...nel.org>,
        "David S . Miller" <davem@...emloft.net>
Cc:     Jann Horn <jannh@...gle.com>, Edward Cree <ecree@...arflare.com>,
        netdev@...r.kernel.org, kernel-team@...com
Subject: Re: [PATCH bpf] bpf: do not allow root to mangle valid pointers

On 12/19/2017 05:15 AM, Alexei Starovoitov wrote:
> Do not allow root to convert valid pointers into unknown scalars.
> In particular disallow:
>  ptr &= reg
>  ptr <<= reg
>  ptr += ptr
> and explicitly allow:
>  ptr -= ptr
> since pkt_end - pkt == length
> 
> 1.
> This minimizes amount of address leaks root can do.
> In the future may need to further tighten the leaks with kptr_restrict.
> 
> 2.
> If program has such pointer math it's likely a user mistake and
> when verifier complains about it right away instead of many instructions
> later on invalid memory access it's easier for users to fix their progs.
> 
> 3.
> when register holding a pointer cannot change to scalar it allows JITs to
> optimize better. Like 32-bit archs could use single register for pointers
> instead of a pair required to hold 64-bit scalars.
> 
> 4.
> reduces architecture dependent behavior. Since code:
> r1 = r10;
> r1 &= 0xff;
> if (r1 ...)
> will behave differently arm64 vs x64 and offloaded vs native.
> 
> A significant chunk of ptr mangling was allowed by
> commit f1174f77b50c ("bpf/verifier: rework value tracking")
> yet some of it was allowed even earlier.
> 
> Signed-off-by: Alexei Starovoitov <ast@...nel.org>

Series applied to bpf tree, thanks Alexei!
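
An added example, not part of the original message or the kernel source: a simplified C model of the pointer-arithmetic rules listed in the commit message, run over two constructed instruction sequences. The type names, the `alu_result` and `check_prog` helpers, the register assignments for pkt and pkt_end, and the treatment of ptr +/- scalar and scalar - ptr are assumptions of this model.

```c
#include <stdio.h>
/* Simplified model; these are not the kernel's types or names. */
enum rtype { REJECT = -1, SCALAR, PTR };
enum op { OP_MOV, OP_ADD, OP_SUB, OP_AND, OP_LSH };
struct insn { enum op op; int dst; int src; };  /* src < 0: immediate */

/* Type of dst after "dst op= src", or REJECT if the model refuses it. */
static enum rtype alu_result(enum op op, enum rtype dst, enum rtype src) {
    if (op == OP_MOV)
        return src;
    if (dst == SCALAR && src == SCALAR)
        return SCALAR;
    switch (op) {
    case OP_ADD:  /* ptr += ptr rejected; ptr + scalar stays a pointer */
        return (dst == PTR && src == PTR) ? REJECT : PTR;
    case OP_SUB:  /* ptr -= ptr is a length; scalar - ptr rejected (assumed) */
        if (dst != PTR)
            return REJECT;
        return src == PTR ? SCALAR : PTR;
    default:      /* AND, LSH would mangle a valid pointer into a scalar */
        return REJECT;
    }
}

/* Index of the first rejected instruction, or -1 if all are accepted. */
static int check_prog(const struct insn *prog, int n, enum rtype *regs) {
    for (int i = 0; i < n; i++) {
        enum rtype src = prog[i].src < 0 ? SCALAR : regs[prog[i].src];
        enum rtype t = alu_result(prog[i].op, regs[prog[i].dst], src);
        if (t == REJECT)
            return i;
        regs[prog[i].dst] = t;
    }
    return -1;
}

/* Constructed sample: r1 = r10; r1 &= 0xff (item 4 of the commit message). */
int demo_mask_fp(void) {
    enum rtype regs[11] = { [10] = PTR };
    struct insn prog[] = { { OP_MOV, 1, 10 }, { OP_AND, 1, -1 } };
    return check_prog(prog, 2, regs);
}
/* Constructed sample: r2 = r3 (pkt_end); r2 -= r1 (pkt); r2 <<= imm. */
int demo_pkt_len(void) {
    enum rtype regs[11] = { [1] = PTR, [3] = PTR };
    struct insn prog[] = { { OP_MOV, 2, 3 }, { OP_SUB, 2, 1 }, { OP_LSH, 2, -1 } };
    return check_prog(prog, 3, regs) == -1 && regs[2] == SCALAR;
}
int main(void) {
    printf("%d %d\n", demo_mask_fp(), demo_pkt_len());
    return 0;
}
```

The first sequence is refused at the `&=` instruction, while the second is accepted because the subtraction has already turned r2 into a scalar length before the shift.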
