lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <960b5e26-e97d-2b1a-4628-df8525c0728b@linux.ibm.com>
Date:   Fri, 25 Jun 2021 11:52:24 +0530
From:   Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        David Ahern <dsahern@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        X86 ML <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Network Development <netdev@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
        "Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>,
        Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
Subject: Re: [PATCH] x86 bpf: Fix extable offset calculation



On 6/25/21 9:31 AM, Alexei Starovoitov wrote:
> On Tue, Jun 22, 2021 at 4:01 AM Ravi Bangoria
> <ravi.bangoria@...ux.ibm.com> wrote:
>>
>> commit 4c5de127598e1 ("bpf: Emit explicit NULL pointer checks
>> for PROBE_LDX instructions.") is emitting couple of instructions
>> before actual load. Consider those additional instructions while
>> calculating extable offset.
>>
>> Fixes: 4c5de127598e1 ("bpf: Emit explicit NULL pointer checks for PROBE_LDX instructions.")
>> Signed-off-by: Ravi Bangoria <ravi.bangoria@...ux.ibm.com>
>> ---
>>   arch/x86/net/bpf_jit_comp.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
>> index 2a2e290fa5d8..231a8178cc11 100644
>> --- a/arch/x86/net/bpf_jit_comp.c
>> +++ b/arch/x86/net/bpf_jit_comp.c
>> @@ -1297,7 +1297,7 @@ st:                       if (is_imm8(insn->off))
>>                          emit_ldx(&prog, BPF_SIZE(insn->code), dst_reg, src_reg, insn->off);
>>                          if (BPF_MODE(insn->code) == BPF_PROBE_MEM) {
>>                                  struct exception_table_entry *ex;
>> -                               u8 *_insn = image + proglen;
>> +                               u8 *_insn = image + proglen + (u8)(start_of_ldx - temp);
> 
> Great debugging and the fix. Thanks a lot.
> I've dropped (u8) cast, kept (), and applied to bpf tree.
> I think it looks cleaner without that cast.

Thanks.

> Could you send a followup patch with a selftest, so I don't make
> the same mistake again ? ;)

Unfortunately extable gets involved only for bad kernel pointers and
ideally there should not be any bad pointer in kernel. So there is no
easy way to create a proper selftest for this.

Ravi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ