| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzaRNLw9_EnaMo5e46CdEkzbJiVU3j9oxnsemBKjNFf3wQ@mail.gmail.com>
Date: Wed, 16 Feb 2022 13:44:07 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Jakub Sitnicki <jakub@...udflare.com>,
Ilya Leoshkevich <iii@...ux.ibm.com>
Cc: bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
kernel-team <kernel-team@...udflare.com>,
Yonghong Song <yhs@...com>
Subject: Re: [PATCH bpf-next v2 2/2] selftests/bpf: Cover 4-byte load from
remote_port in bpf_sk_lookup
On Wed, Feb 9, 2022 at 10:43 AM Jakub Sitnicki <jakub@...udflare.com> wrote:
>
> Extend the context access tests for sk_lookup prog to cover the surprising
> case of a 4-byte load from the remote_port field, where the expected value
> is actually shifted by 16 bits.
>
> Acked-by: Yonghong Song <yhs@...com>
> Signed-off-by: Jakub Sitnicki <jakub@...udflare.com>
> ---
> tools/include/uapi/linux/bpf.h | 3 ++-
> tools/testing/selftests/bpf/progs/test_sk_lookup.c | 6 ++++++
> 2 files changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index a7f0ddedac1f..afe3d0d7f5f2 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -6453,7 +6453,8 @@ struct bpf_sk_lookup {
> __u32 protocol; /* IP protocol (IPPROTO_TCP, IPPROTO_UDP) */
> __u32 remote_ip4; /* Network byte order */
> __u32 remote_ip6[4]; /* Network byte order */
> - __u32 remote_port; /* Network byte order */
> + __be16 remote_port; /* Network byte order */
> + __u16 :16; /* Zero padding */
> __u32 local_ip4; /* Network byte order */
> __u32 local_ip6[4]; /* Network byte order */
> __u32 local_port; /* Host byte order */
> diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup.c b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> index 83b0aaa52ef7..bf5b7caefdd0 100644
> --- a/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> +++ b/tools/testing/selftests/bpf/progs/test_sk_lookup.c
> @@ -392,6 +392,7 @@ int ctx_narrow_access(struct bpf_sk_lookup *ctx)
> {
> struct bpf_sock *sk;
> int err, family;
> + __u32 val_u32;
> bool v4;
>
> v4 = (ctx->family == AF_INET);
> @@ -418,6 +419,11 @@ int ctx_narrow_access(struct bpf_sk_lookup *ctx)
> if (LSW(ctx->remote_port, 0) != SRC_PORT)
> return SK_DROP;
>
> + /* Load from remote_port field with zero padding (backward compatibility) */
> + val_u32 = *(__u32 *)&ctx->remote_port;
> + if (val_u32 != bpf_htonl(bpf_ntohs(SRC_PORT) << 16))
> + return SK_DROP;
> +
Jakub, can you please double check that your patch set doesn't break
big-endian architectures? I've noticed that our s390x test runner is
now failing in the sk_lookup selftest. See [0]. Also CC'ing Ilya.
[0] https://github.com/libbpf/libbpf/runs/5220996832?check_suite_focus=true
> /* Narrow loads from local_port field. Expect DST_PORT. */
> if (LSB(ctx->local_port, 0) != ((DST_PORT >> 0) & 0xff) ||
> LSB(ctx->local_port, 1) != ((DST_PORT >> 8) & 0xff) ||
> --
> 2.31.1
>
Powered by blists - more mailing lists