lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Oct 2019 21:50:31 +1100
From:   Aleksa Sarai <cyphar@...har.com>
To:     Christian Brauner <christian.brauner@...ntu.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, bpf@...r.kernel.org,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/3] bpf: use check_zeroed_user() in
 bpf_check_uarg_tail_zero()

On 2019-10-09, Christian Brauner <christian.brauner@...ntu.com> wrote:
> In v5.4-rc2 we added a new helper (cf. [1]) check_zeroed_user() which
> does what bpf_check_uarg_tail_zero() is doing generically. We're slowly
> switching such codepaths over to use check_zeroed_user() instead of
> using their own hand-rolled version.
> 
> [1]: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper")
> Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>

Acked-by: Aleksa Sarai <cyphar@...har.com>

> ---
>  kernel/bpf/syscall.c | 22 +++++++---------------
>  1 file changed, 7 insertions(+), 15 deletions(-)
> 
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 82eabd4e38ad..78790778f101 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -63,30 +63,22 @@ int bpf_check_uarg_tail_zero(void __user *uaddr,
>  			     size_t expected_size,
>  			     size_t actual_size)
>  {
> -	unsigned char __user *addr;
> -	unsigned char __user *end;
> -	unsigned char val;
> +	size_t size = min(expected_size, actual_size);
> +	size_t rest = max(expected_size, actual_size) - size;
>  	int err;
>  
>  	if (unlikely(actual_size > PAGE_SIZE))	/* silly large */
>  		return -E2BIG;
>  
> -	if (unlikely(!access_ok(uaddr, actual_size)))
> -		return -EFAULT;
> -
>  	if (actual_size <= expected_size)
>  		return 0;
>  
> -	addr = uaddr + expected_size;
> -	end  = uaddr + actual_size;
> +	err = check_zeroed_user(uaddr + expected_size, rest);
> +	if (err < 0)
> +		return err;
>  
> -	for (; addr < end; addr++) {
> -		err = get_user(val, addr);
> -		if (err)
> -			return err;
> -		if (val)
> -			return -E2BIG;
> -	}
> +	if (err)
> +		return -E2BIG;
>  
>  	return 0;
>  }

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ