lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Jan 2020 10:06:32 -0800
From:   Luigi Rizzo <lrizzo@...gle.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        "David S. Miller" <davem@...emloft.net>, sameehj@...zon.com
Subject: Re: [PATCH] net-xdp: netdev attribute to control xdpgeneric skb linearization

On Thu, Jan 23, 2020 at 10:01 AM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>
> Luigi Rizzo <lrizzo@...gle.com> writes:
>
> > On Thu, Jan 23, 2020 at 8:14 AM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
> >>
> >> Daniel Borkmann <daniel@...earbox.net> writes:
> >>
> >> > On 1/23/20 10:53 AM, Toke Høiland-Jørgensen wrote:
> >> >> Luigi Rizzo <lrizzo@...gle.com> writes:
> >> >>
> >> >>> Add a netdevice flag to control skb linearization in generic xdp mode.
> >> >>> Among the various mechanism to control the flag, the sysfs
> >> >>> interface seems sufficiently simple and self-contained.
> >> >>> The attribute can be modified through
> >> >>>     /sys/class/net/<DEVICE>/xdp_linearize
> >> >>> The default is 1 (on)
> >> >
> >> > Needs documentation in Documentation/ABI/testing/sysfs-class-net.
> >> >
> >> >> Erm, won't turning off linearization break the XDP program's ability to
> >> >> do direct packet access?
> >> >
> >> > Yes, in the worst case you only have eth header pulled into linear
> >> > section. :/
> >>
> >> In which case an eBPF program could read/write out of bounds since the
> >> verifier only verifies checks against xdp->data_end. Right?
> >
> > Why out of bounds? Without linearization we construct xdp_buff as follows:
> >
> > mac_len = skb->data - skb_mac_header(skb);
> > hlen = skb_headlen(skb) + mac_len;
> > xdp->data = skb->data - mac_len;
> > xdp->data_end = xdp->data + hlen;
> > xdp->data_hard_start = skb->data - skb_headroom(skb);
> >
> > so we shouldn't go out of bounds.
>
> Hmm, right, as long as it's guaranteed that the bit up to hlen is
> already linear; is it? :)

honest question: that would be skb->len - skb->data_len, isn't that
the linear part by definition ?

cheers
luigi
>
> -Toke
>

Powered by blists - more mailing lists