lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200512155236.1080458-1-yhs@fb.com>
Date:   Tue, 12 May 2020 08:52:36 -0700
From:   Yonghong Song <yhs@...com>
To:     Andrii Nakryiko <andriin@...com>, <bpf@...r.kernel.org>,
        Martin KaFai Lau <kafai@...com>, <netdev@...r.kernel.org>
CC:     Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>, <kernel-team@...com>,
        Alexei Starovoitov <ast@...nel.org>
Subject: [PATCH bpf-next 4/8] bpf: add WARN_ONCE if bpf_seq_read show() return a positive number

In seq_read() implementation, a positive integer return value
of seq_ops->show() indicates that the current object seq_file
buffer is discarded and next object should be checked.
bpf_seq_read() implemented in a similar way if show()
returns a positive integer value.

But for bpf_seq_read(), show() didn't return positive integer for
all currently supported targets. Let us add a WARN_ONCE for
such cases so we can get an alert when things are changed.

Suggested-by: Alexei Starovoitov <ast@...nel.org>
Signed-off-by: Yonghong Song <yhs@...com>
---
 kernel/bpf/bpf_iter.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
index 0a45a6cdfabd..b0c8b3bdf3b0 100644
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -120,6 +120,7 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
 
 	err = seq->op->show(seq, p);
 	if (err > 0) {
+		WARN_ONCE(1, "seq_ops->show() returns %d\n", err);
 		/* object is skipped, decrease seq_num, so next
 		 * valid object can reuse the same seq_num.
 		 */
@@ -156,6 +157,7 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
 
 		err = seq->op->show(seq, p);
 		if (err > 0) {
+			WARN_ONCE(1, "seq_ops->show() returns %d\n", err);
 			bpf_iter_dec_seq_num(seq);
 			seq->count = offs;
 		} else if (err < 0 || seq_has_overflowed(seq)) {
-- 
2.24.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ