lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 16 May 2020 21:02:01 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Jesper Dangaard Brouer <brouer@...hat.com>
Cc:     sameehj@...zon.com, Network Development <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>,
        Toke Høiland-Jørgensen <toke@...hat.com>,
        Daniel Borkmann <borkmann@...earbox.net>,
        "David S. Miller" <davem@...emloft.net>,
        John Fastabend <john.fastabend@...il.com>,
        Alexander Duyck <alexander.duyck@...il.com>,
        Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
        David Ahern <dsahern@...il.com>,
        Ilias Apalodimas <ilias.apalodimas@...aro.org>,
        Lorenzo Bianconi <lorenzo@...nel.org>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Tariq Toukan <tariqt@...lanox.com>,
        Andrii Nakryiko <andriin@...com>
Subject: unstable xdp tests. Was: [PATCH net-next v4 31/33] bpf: add
 xdp.frame_sz in bpf_prog_test_run_xdp().

On Thu, May 14, 2020 at 3:51 AM Jesper Dangaard Brouer
<brouer@...hat.com> wrote:
>
> Update the memory requirements, when adding xdp.frame_sz in BPF test_run
> function bpf_prog_test_run_xdp() which e.g. is used by XDP selftests.
>
> Specifically add the expected reserved tailroom, but also allocated a
> larger memory area to reflect that XDP frames usually comes in this
> format. Limit the provided packet data size to 4096 minus headroom +
> tailroom, as this also reflect a common 3520 bytes MTU limit with XDP.
>
> Note that bpf_test_init already use a memory allocation method that clears
> memory.  Thus, this already guards against leaking uninit kernel memory.
>
> Signed-off-by: Jesper Dangaard Brouer <brouer@...hat.com>
> ---
>  net/bpf/test_run.c |   16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
> index 29dbdd4c29f6..30ba7d38941d 100644
> --- a/net/bpf/test_run.c
> +++ b/net/bpf/test_run.c
> @@ -470,25 +470,34 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
>  int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
>                           union bpf_attr __user *uattr)
>  {
> +       u32 tailroom = SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
> +       u32 headroom = XDP_PACKET_HEADROOM;
>         u32 size = kattr->test.data_size_in;
>         u32 repeat = kattr->test.repeat;
>         struct netdev_rx_queue *rxqueue;
>         struct xdp_buff xdp = {};
>         u32 retval, duration;
> +       u32 max_data_sz;
>         void *data;
>         int ret;
>
>         if (kattr->test.ctx_in || kattr->test.ctx_out)
>                 return -EINVAL;
>
> -       data = bpf_test_init(kattr, size, XDP_PACKET_HEADROOM + NET_IP_ALIGN, 0);
> +       /* XDP have extra tailroom as (most) drivers use full page */
> +       max_data_sz = 4096 - headroom - tailroom;
> +       if (size > max_data_sz)
> +               return -EINVAL;
> +
> +       data = bpf_test_init(kattr, max_data_sz, headroom, tailroom);

Hi Jesper,

above is buggy.
max_data_sz is way more than what user space has.
That causes xdp unit tests to fail sporadically with EFAULT.
Like:
./test_progs -t xdp_perf
test_xdp_perf:FAIL:xdp-perf err -1 errno 14 retval 0 size 0
#89 xdp_perf:FAIL

For that test max_data_sz will be 3520 while user space prepared only 128 bytes
and copy_from_user will fault.

Powered by blists - more mailing lists