| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Apr 2018 17:55:20 +0200
From: Daniel Borkmann <daniel@...earbox.net>
To: Jesper Dangaard Brouer <brouer@...hat.com>,
Daniel Borkmann <borkmann@...earbox.net>,
Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: netdev@...r.kernel.org
Subject: Re: [net-next PATCH] bpf: reserve xdp_frame size in xdp headroom
On 04/19/2018 04:17 PM, Jesper Dangaard Brouer wrote:
> Commit 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on
> page reuse") tried to allow user/bpf_prog to (re)use area used by
> xdp_frame (stored in frame headroom), by memset clearing area when
> bpf_xdp_adjust_head give bpf_prog access to headroom area.
>
> The mentioned commit had two bugs. (1) Didn't take bpf_xdp_adjust_meta
> into account. (2) a combination of bpf_xdp_adjust_head calls, where
> xdp->data is moved into xdp_frame section, can cause clearing
> xdp_frame area again for area previously granted to bpf_prog.
>
> After discussions with Daniel, we choose to implement a simpler
> solution to the problem, which is to reserve the headroom used by
> xdp_frame info.
>
> This also avoids the situation where bpf_prog is allowed to adjust/add
> headers, and then XDP_REDIRECT later drops the packet due to lack of
> headroom for the xdp_frame. This would likely confuse the end-user.
>
> Fixes: 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on page reuse")
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
Applied to bpf-next, thanks Jesper!
Powered by blists - more mailing lists