| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9c1d60cd-281b-1223-a7dd-aff142410fd0@iogearbox.net> Date: Tue, 18 Dec 2018 23:28:34 +0100 From: Daniel Borkmann <daniel@...earbox.net> To: Jiong Wang <jiong.wang@...ronome.com>, ast@...nel.org Cc: netdev@...r.kernel.org, oss-drivers@...ronome.com Subject: Re: [PATCH bpf-next] bpf: correct slot_type marking logic to allow more stack slot sharing On 12/15/2018 09:34 AM, Jiong Wang wrote: > Verifier is supposed to support sharing stack slot allocated to ptr with > SCALAR_VALUE for privileged program. However this doesn't happen for some > cases. > > The reason is verifier is not clearing slot_type STACK_SPILL for all bytes, > it only clears part of them, while verifier is using: > > slot_type[0] == STACK_SPILL > > as a convention to check one slot is ptr type. > > So, the consequence of partial clearing slot_type is verifier could treat a > partially overridden ptr slot, which should now be a SCALAR_VALUE slot, > still as ptr slot, and rejects some valid programs. > > Before this patch, test_xdp_noinline.o under bpf selftests, bpf_lxc.o and > bpf_netdev.o under Cilium bpf repo, when built with -mattr=+alu32 are > rejected due to this issue. After this patch, they all accepted. > > There is no processed insn number change before and after this patch on > Cilium bpf programs. > > Reviewed-by: Jakub Kicinski <jakub.kicinski@...ronome.com> > Signed-off-by: Jiong Wang <jiong.wang@...ronome.com> Reviewed-by: Daniel Borkmann <daniel@...earbox.net>
Powered by blists - more mailing lists