Date:   Thu, 7 Nov 2019 17:22:47 +0000
From:   Martin Lau <kafai@...com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
CC:     bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        "Alexei Starovoitov" <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        "David Miller" <davem@...emloft.net>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH v3 bpf-next 2/3] bpf: Add array support to
 btf_struct_access

On Wed, Nov 06, 2019 at 06:41:15PM -0800, Andrii Nakryiko wrote:
> On Wed, Nov 6, 2019 at 5:49 PM Martin KaFai Lau <kafai@...com> wrote:
> >
> > This patch adds array support to btf_struct_access().
> > It supports array of int, array of struct and multidimensional
> > array.
> >
> > It also allows using u8[] as a scratch space.  For example,
> > it allows access to the "char cb[48]" with size larger than
> > the array's element "char".  Another potential use case is
> > "u64 icsk_ca_priv[]" in the tcp congestion control.
> >
> > btf_resolve_size() is added to resolve the size of any type.
> > It will follow the modifier if there is any.  Please
> > see the function comment for details.
> >
> > This patch also adds the "off < moff" check at the beginning
> > of the for loop.  It is to reject cases when "off" is pointing
> > to a "hole" in a struct.
> >
> > Signed-off-by: Martin KaFai Lau <kafai@...com>
> > ---
> 
> Looks good, just two small nits.
> 
> Acked-by: Andrii Nakryiko <andriin@...com>
> 
> >  kernel/bpf/btf.c | 187 +++++++++++++++++++++++++++++++++++++++--------
> >  1 file changed, 157 insertions(+), 30 deletions(-)
> >
> > diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> > index 128d89601d73..5c4b6aa7b9f0 100644
> > --- a/kernel/bpf/btf.c
> > +++ b/kernel/bpf/btf.c
> > @@ -1036,6 +1036,82 @@ static const struct resolve_vertex *env_stack_peak(struct btf_verifier_env *env)
> >         return env->top_stack ? &env->stack[env->top_stack - 1] : NULL;
> >  }
> >
> 
> [...]
> 
> > -               if (off + size <= moff / 8)
> > -                       /* won't find anything, field is already too far */
> > +               /* offset of the field in bytes */
> > +               moff = btf_member_bit_offset(t, member) / 8;
> > +               if (off + size <= moff)
> 
> you dropped useful comment :(
good catch. will undo.

> 
> >                         break;
> > +               /* In case of "off" is pointing to holes of a struct */
> > +               if (off < moff)
> > +                       continue;
> >
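Review bot: The "off < moff" check at the top of the loop uses "continue", while the commit message describes it as rejecting an "off" that points into a hole; with only these lines visible, the rejection depends on a later iteration reaching the "off + size <= moff" break or on what the function returns once the loop ends. Please say that in the comment, for example "off points into a hole before this member; no member can match, so the access fails after the loop". Next to "moff = btf_member_bit_offset(t, member) / 8;" it is also worth noting that the division rounds down for a member that does not start on a byte boundary, so both comparisons are made at byte granularity.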
> 
> [...]
> 
> > +
> > +               mtrue_end = moff + msize;
> 
> nit: there is no other _end, so might be just mend (in line with moff)
I prefer to keep it.  For array, this _end is not the end of mtype.
The intention is to distinguish it from the mtype/msize convention
such that it is the true_end of the current struct's member.  I will
add some comments to clarify.

> 
> > +               if (off >= mtrue_end)
> >                         /* no overlap with member, keep iterating */
> >                         continue;
> > +
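Review bot: The "off >= mtrue_end" test only bounds the start of the access; nothing in the visible lines compares "off + size" against mtrue_end, so an access that starts inside the member and runs past its end is not ruled out here. Since the commit message allows u8[] to be accessed with a size larger than the element, please make sure the elided part enforces "off + size <= mtrue_end" (or say in a comment where that bound is checked), and document mtrue_end at its assignment as the end of the whole struct member rather than of one array element.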
> 
> [...]
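
The member walk described in the commit message, as an added user-space model that is not code from the patch or from the kernel. The "struct member" table, the "demo" layout and find_member() are hypothetical, and the final bound on "off + size" is an assumption about the elided part of the patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified member descriptor; the kernel walks BTF instead. */
struct member {
    const char *name;
    uint32_t bit_off;   /* offset of the member in bits */
    uint32_t size;      /* size in bytes (whole array for an array member) */
};

/* Constructed layout: struct { u8 a; <3-byte hole> u32 b; u8 cb[48]; } */
static const struct member demo[] = {
    { "a",  0,  1 },
    { "b",  32, 4 },
    { "cb", 64, 48 },
};

/*
 * Return the index of the member that fully contains [off, off + size),
 * or -1 if the access hits a hole, straddles members, or is out of range.
 */
int find_member(const struct member *m, size_t n, uint32_t off, uint32_t size)
{
    for (size_t i = 0; i < n; i++) {
        uint32_t moff = m[i].bit_off / 8;       /* offset of the field in bytes */
        uint32_t mtrue_end = moff + m[i].size;  /* true end of this member */

        if ((uint64_t)off + size <= moff)
            break;      /* won't find anything, field is already too far */
        if (off < moff)
            continue;   /* "off" points into a hole before this member */
        if (off >= mtrue_end)
            continue;   /* no overlap with member, keep iterating */
        if (size > mtrue_end - off)
            return -1;  /* assumption: access must end inside the member */
        return (int)i;
    }
    return -1;          /* nothing matched: reject the access */
}

int main(void)
{
    printf("hole     off=1  size=1 -> %d\n", find_member(demo, 3, 1, 1));
    printf("b        off=4  size=4 -> %d\n", find_member(demo, 3, 4, 4));
    printf("cb as u64 off=24 size=8 -> %d\n", find_member(demo, 3, 24, 8));
    printf("past cb  off=52 size=8 -> %d\n", find_member(demo, 3, 52, 8));
    return 0;
}
```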
