| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 May 2020 13:02:14 -0700
From: John Fastabend <john.fastabend@...il.com>
To: ast@...nel.org, daniel@...earbox.net
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org,
john.fastabend@...il.com
Subject: [bpf-next PATCH 0/4] verifier, improve ptr is_branch_taken logic
Verifier logic to track pointer is_branch_taken logic to prune paths
that can not be taken. For many types we track if the pointer is null
or not. We can then use this information when calculating if branches
are taken when jump is comparing if pointer is null or not.
First patch is the verifier logic, patches 2/3 are tests for sock
pointers and map values. The final patch adds a printk to one of
the C test cases where the issue was initially reported. Feel free
to drop this if we think its overkill. OTOH it keeps a nice test
of a pattern folks might actually try and also doesn't add much in
the way of test overhead.
---
John Fastabend (4):
bpf: verifier track null pointer branch_taken with JNE and JEQ
bpf: selftests, verifier case for non null pointer check branch taken
bpf: selftests, verifier case for non null pointer map value branch
bpf: selftests, add printk to test_sk_lookup_kern to encode null ptr check
.../selftests/bpf/progs/test_sk_lookup_kern.c | 1 +
.../testing/selftests/bpf/verifier/ref_tracking.c | 16 ++++++++++++++++
.../testing/selftests/bpf/verifier/value_or_null.c | 19 +++++++++++++++++++
3 files changed, 36 insertions(+)
--
Signature
Powered by blists - more mailing lists