From patchwork Thu Apr 4 06:22:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Ignatov X-Patchwork-Id: 1076852 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=fb.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=fb.com header.i=@fb.com header.b="eTVTqMy+"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44ZXv71zWZz9sQr for ; Thu, 4 Apr 2019 17:23:14 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726427AbfDDGXN (ORCPT ); Thu, 4 Apr 2019 02:23:13 -0400 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:44670 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726031AbfDDGXM (ORCPT ); Thu, 4 Apr 2019 02:23:12 -0400 Received: from pps.filterd (m0044008.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x346JVKl027903 for ; Wed, 3 Apr 2019 23:23:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : mime-version : content-type; s=facebook; bh=IZ/XXsWOakZ9uEWEry8L1JisEekTL3OeLr4MJdqrlt4=; b=eTVTqMy+pe0xE3PFvd+EPm+2okXLcHzxEKAC8xsT4CegUT7sJ90MfoLL7KoJMdfwH/8l ILoaD3cD3jShjuu3riX5TF/4c8tKDqF9aIQEvDOYVsTIYuWU/vBmPj9OcZ/8bV/L+0V+ +vsZ/6rxOmkvWsaApHHC8EsQvX8bZytVPNI= Received: from maileast.thefacebook.com ([199.201.65.23]) by mx0a-00082601.pphosted.com with ESMTP id 2rn4ycs8yg-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT) for ; Wed, 03 Apr 2019 23:23:11 -0700 Received: from mx-out.facebook.com (2620:10d:c0a1:3::13) by mail.thefacebook.com (2620:10d:c021:18::171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.1.1713.5; Wed, 3 Apr 2019 23:23:10 -0700 Received: by dev082.prn2.facebook.com (Postfix, from userid 572249) id B6A943702EB4; Wed, 3 Apr 2019 23:23:08 -0700 (PDT) Smtp-Origin-Hostprefix: dev From: Andrey Ignatov Smtp-Origin-Hostname: dev082.prn2.facebook.com To: CC: Andrey Ignatov , , , Smtp-Origin-Cluster: prn2c23 Subject: [PATCH v3 bpf-next 0/7] bpf: Fix indirect var_off stack access support Date: Wed, 3 Apr 2019 23:22:36 -0700 Message-ID: X-Mailer: git-send-email 2.17.1 X-FB-Internal: Safe MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-04-04_03:, , signatures=0 X-Proofpoint-Spam-Reason: safe X-FB-Internal: Safe Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org v2->v3: - sanity check max value for variable offset. v1->v2: - rely on meta = NULL to reject var_off stack access to uninit buffer. This patch set is a follow-up for discussion [1]. It fixes variable offset stack access handling for raw and unprivileged mode, rejecting both of them, and sanity checks max variable offset value. Patch 1 handles raw (uninitialized) mode. Patch 2 adds test for raw mode. Patch 3 handles unprivileged mode. Patch 4 adds test for unprivileged mode. Patch 5 adds sanity check for max value of variable offset. Patch 6 adds test for variable offset max value checking. Patch 7 is a minor fix in verbose log. Unprivileged mode is an interesting case since one (and only?) way to come up with variable offset is to use pointer arithmetics. Though pointer arithmetics is already prohibited for unprivileged mode. I'm not sure if it's enough though and it seems like a good idea to still reject variable offset for unpriv in check_stack_boundary(). Please see patches 3 and 4 for more details on this. [1] https://marc.info/?l=linux-netdev&m=155419526427742&w=2 Andrey Ignatov (7): bpf: Reject indirect var_off stack access in raw mode selftests/bpf: Test indirect var_off stack access in raw mode bpf: Reject indirect var_off stack access in unpriv mode selftests/bpf: Test indirect var_off stack access in unpriv mode bpf: Sanity check max value for var_off stack access selftests/bpf: Test unbounded var_off stack access bpf: Add missed newline in verifier verbose log kernel/bpf/verifier.c | 45 ++++++- .../testing/selftests/bpf/verifier/var_off.c | 111 +++++++++++++++++- 2 files changed, 150 insertions(+), 6 deletions(-)