| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAP01T74Sgn354dXGiFWFryu4vg+o8b9s9La1d9zEbC4LGvH4qg@mail.gmail.com>
Date: Wed, 17 Aug 2022 22:07:20 +0200
From: Kumar Kartikeya Dwivedi <memxor@...il.com>
To: Daniel Xu <dxu@...uu.xyz>
Cc: bpf@...r.kernel.org, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, pablo@...filter.org, fw@...len.de,
toke@...nel.org, netfilter-devel@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/4] bpf: Remove duplicate PTR_TO_BTF_ID RO check
On Wed, 17 Aug 2022 at 20:43, Daniel Xu <dxu@...uu.xyz> wrote:
>
> Since commit 27ae7997a661 ("bpf: Introduce BPF_PROG_TYPE_STRUCT_OPS")
> there has existed bpf_verifier_ops:btf_struct_access. When
> btf_struct_access is _unset_ for a prog type, the verifier runs the
> default implementation, which is to enforce read only:
>
> if (env->ops->btf_struct_access) {
> [...]
> } else {
> if (atype != BPF_READ) {
> verbose(env, "only read is supported\n");
> return -EACCES;
> }
>
> [...]
> }
>
> When btf_struct_access is _set_, the expectation is that
> btf_struct_access has full control over accesses, including if writes
> are allowed.
>
> Rather than carve out an exception for each prog type that may write to
> BTF ptrs, delete the redundant check and give full control to
> btf_struct_access.
>
> Signed-off-by: Daniel Xu <dxu@...uu.xyz>
> ---
Acked-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
Powered by blists - more mailing lists