lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Apr 2020 22:26:54 -0700 From: John Fastabend <john.fastabend@...il.com> To: Jesper Dangaard Brouer <brouer@...hat.com>, sameehj@...zon.com Cc: Jesper Dangaard Brouer <brouer@...hat.com>, netdev@...r.kernel.org, bpf@...r.kernel.org, zorik@...zon.com, akiyano@...zon.com, gtzalik@...zon.com, Toke Høiland-Jørgensen <toke@...hat.com>, Daniel Borkmann <borkmann@...earbox.net>, Alexei Starovoitov <alexei.starovoitov@...il.com>, John Fastabend <john.fastabend@...il.com>, Alexander Duyck <alexander.duyck@...il.com>, Jeff Kirsher <jeffrey.t.kirsher@...el.com>, David Ahern <dsahern@...il.com>, Willem de Bruijn <willemdebruijn.kernel@...il.com>, Ilias Apalodimas <ilias.apalodimas@...aro.org>, Lorenzo Bianconi <lorenzo@...nel.org>, Saeed Mahameed <saeedm@...lanox.com>, steffen.klassert@...unet.com Subject: RE: [PATCH net-next 30/33] xdp: clear grow memory in bpf_xdp_adjust_tail() Jesper Dangaard Brouer wrote: > Clearing memory of tail when grow happens, because it is too easy > to write a XDP_PASS program that extend the tail, which expose > this memory to users that can run tcpdump. > > Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com> > --- Hi Jesper, Thanks for the series any idea what the cost of doing this is? If you have some data I would be curious to know a baseline measurment, a grow with memset, then a grow with memset. I'm guess this can be relatively expensive? > net/core/filter.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 5e9c387f74eb..889d96a690c2 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -3442,6 +3442,10 @@ BPF_CALL_2(bpf_xdp_adjust_tail, struct xdp_buff *, xdp, int, offset) > if (unlikely(data_end < xdp->data + ETH_HLEN)) > return -EINVAL; > > + /* Clear memory area on grow, can contain uninit kernel memory */ > + if (offset > 0) > + memset(xdp->data_end, 0, offset); > + > xdp->data_end = data_end; > > return 0; > >
Powered by blists - more mailing lists