lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 Feb 2022 13:44:07 -0800
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Jakub Sitnicki <jakub@...udflare.com>,
        Ilya Leoshkevich <iii@...ux.ibm.com>
Cc:     bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        kernel-team <kernel-team@...udflare.com>,
        Yonghong Song <yhs@...com>
Subject: Re: [PATCH bpf-next v2 2/2] selftests/bpf: Cover 4-byte load from
 remote_port in bpf_sk_lookup

On Wed, Feb 9, 2022 at 10:43 AM Jakub Sitnicki <jakub@...udflare.com> wrote:
>
> Extend the context access tests for sk_lookup prog to cover the surprising
> case of a 4-byte load from the remote_port field, where the expected value
> is actually shifted by 16 bits.
>
> Acked-by: Yonghong Song <yhs@...com>
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---
>  tools/include/uapi/linux/bpf.h                     | 3 ++-
>  tools/testing/selftests/bpf/progs/test_sk_lookup.c | 6 ++++++
>  2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index a7f0ddedac1f..afe3d0d7f5f2 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -6453,7 +6453,8 @@ struct bpf_sk_lookup {
>         __u32 protocol;         /* IP protocol (IPPROTO_TCP, IPPROTO_UDP) */
>         __u32 remote_ip4;       /* Network byte order */
>         __u32 remote_ip6[4];    /* Network byte order */
> -       __u32 remote_port;      /* Network byte order */
> +       __be16 remote_port;     /* Network byte order */
> +       __u16 :16;              /* Zero padding */
>         __u32 local_ip4;        /* Network byte order */
>         __u32 local_ip6[4];     /* Network byte order */
>         __u32 local_port;       /* Host byte order */
> diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup.c b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> index 83b0aaa52ef7..bf5b7caefdd0 100644
> --- a/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> +++ b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> @@ -392,6 +392,7 @@ int ctx_narrow_access(struct bpf_sk_lookup *ctx)
>  {
>         struct bpf_sock *sk;
>         int err, family;
> +       __u32 val_u32;
>         bool v4;
>
>         v4 = (ctx->family == AF_INET);
> @@ -418,6 +419,11 @@ int ctx_narrow_access(struct bpf_sk_lookup *ctx)
>         if (LSW(ctx->remote_port, 0) != SRC_PORT)
>                 return SK_DROP;
>
> +       /* Load from remote_port field with zero padding (backward compatibility) */
> +       val_u32 = *(__u32 *)&ctx->remote_port;
> +       if (val_u32 != bpf_htonl(bpf_ntohs(SRC_PORT) << 16))
> +               return SK_DROP;
> +

Jakub, can you please double check that your patch set doesn't break
big-endian architectures? I've noticed that our s390x test runner is
now failing in the sk_lookup selftest. See [0]. Also CC'ing Ilya.

  [0] https://github.com/libbpf/libbpf/runs/5220996832?check_suite_focus=true

>         /* Narrow loads from local_port field. Expect DST_PORT. */
>         if (LSB(ctx->local_port, 0) != ((DST_PORT >> 0) & 0xff) ||
>             LSB(ctx->local_port, 1) != ((DST_PORT >> 8) & 0xff) ||
> --
> 2.31.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ