lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <65744a70c11106a54ca2df212a9fd264e4340e2c.camel@gmail.com>
Date: Tue, 22 Jul 2025 12:10:21 -0700
From: Eduard Zingerman <eddyz87@...il.com>
To: Jakub Sitnicki <jakub@...udflare.com>, bpf@...r.kernel.org
Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko
 <andrii@...nel.org>,  Arthur Fabre <arthur@...hurfabre.com>, Daniel
 Borkmann <daniel@...earbox.net>, Eric Dumazet	 <edumazet@...gle.com>, Jakub
 Kicinski <kuba@...nel.org>, Jesper Dangaard Brouer	 <hawk@...nel.org>,
 Jesse Brandeburg <jbrandeburg@...udflare.com>, Joanne Koong	
 <joannelkoong@...il.com>, Lorenzo Bianconi <lorenzo@...nel.org>, Martin
 KaFai Lau <martin.lau@...ux.dev>, Toke
 Høiland-Jørgensen <thoiland@...hat.com>,  Yan Zhai
 <yan@...udflare.com>, kernel-team@...udflare.com, netdev@...r.kernel.org,
 Stanislav Fomichev	 <sdf@...ichev.me>
Subject: Re: [PATCH bpf-next v3 01/10] bpf: Add dynptr type for skb metadata

On Tue, 2025-07-22 at 11:46 -0700, Eduard Zingerman wrote:

[...]

> > @@ -2274,7 +2278,8 @@ static bool reg_is_pkt_pointer_any(const struct bpf_reg_state *reg)
> >  static bool reg_is_dynptr_slice_pkt(const struct bpf_reg_state *reg)
> >  {
> >  	return base_type(reg->type) == PTR_TO_MEM &&
> > -		(reg->type & DYNPTR_TYPE_SKB || reg->type & DYNPTR_TYPE_XDP);
> > +	       (reg->type &
> > +		(DYNPTR_TYPE_SKB | DYNPTR_TYPE_XDP | DYNPTR_TYPE_SKB_META));
> >  }
> 
> Note: This function is used to identify pointers to packet data that
>       might be stale after call to one of the functions in list [1].
>       Once such pointers are identified, verifier would disallow
>       access through these pointers.
>       dynptr_from_skb_meta() is implemented as:
> 
>         bpf_dynptr_init(ptr, skb, BPF_DYNPTR_TYPE_SKB_META, 0, skb_metadata_len(skb));
> 
>       here any read or write goes through skb object, not a pointer derived from it.
>       Given above, is it still necessary to list DYNPTR_FROM_SKB_META here?
>       Or some functions from [1] can change skb_metadata_len(skb)?
> 
> [1] https://elixir.bootlin.com/linux/v6.15.7/source/net/core/filter.c#L7989

Nevermind, it is necessary, otherwise your tests skb_meta_invalid_data_slice*
would be accepted. Sorry for the noise.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ