From patchwork Fri Jul 15 23:28:57 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brenden Blanco X-Patchwork-Id: 649048 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3rrphD5y2bz9sCZ for ; Sat, 16 Jul 2016 09:30:04 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=plumgrid-com.20150623.gappssmtp.com header.i=@plumgrid-com.20150623.gappssmtp.com header.b=lsQpXMFw; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751930AbcGOXaB (ORCPT ); Fri, 15 Jul 2016 19:30:01 -0400 Received: from mail-pa0-f48.google.com ([209.85.220.48]:34696 "EHLO mail-pa0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751824AbcGOX3j (ORCPT ); Fri, 15 Jul 2016 19:29:39 -0400 Received: by mail-pa0-f48.google.com with SMTP id fi15so43120660pac.1 for ; Fri, 15 Jul 2016 16:29:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=plumgrid-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=eYSkl39t0/QT9KUXsxpay7o6x7XyLvYCY4Vw63/La40=; b=lsQpXMFwehvGLpVCCsPU/V5d/GT8GKf+BZwgo/rEYqYaVymPpX1SfG2OS8gVB0Nols tglg/hyIa9VdYD6W9whf67LiAu1ypvPIxCjh6+gBpURYTbLBEY0Kq8/qmQ+/VzKuqWIp 3BNYwmG/5dfFiIDQ1K8efH+kMcX7ZxTspBwCyrBjP6y4TaMLboX98avVwKYAvAQXqaed CjF/8l3XQMJ2NVtzqW6rcFNPSxi4uo9vVI8oqf66QhPgYkz+HgF4Fho+vzAZJmWFtN+r CTyxB5uf+PPV/Kc7/jyLxSImKH9YK44WoXUYug9ipjW8CpAPgrhJ2ju2wnYVQgsZ+/S3 XpuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=eYSkl39t0/QT9KUXsxpay7o6x7XyLvYCY4Vw63/La40=; b=W/mp+5mp93lwPeN0bkGLJag8o/kO96e4e5E+X0qK6E0bFd0ra2HI4RlrIfUcvxbpM9 y5k+OjOIx2GijmAh2+j+UeEq52hT+PlgFpFBHrs1YZrQAucojdmUTiXlM33DrwGUyjaT 706sVeTQvIVeLRiujZAum/9WH3OCEEmLqaH5TQIvlMvp7PMOCqj439hidVdh9CCfvLWt h+TJnyrv7/LEs6paZW2Fi8sX9D0g0AtWKwZcSHU+DaJ2X67SYcd2LXfcZbd2z6cBZW9m jKfRfiv+S/cJwnUI7LLqOc2N/ULs+e49VeGkAikKKxcdkOEBrYqH+PNhcCpeklyy9e9h UsDg== X-Gm-Message-State: ALyK8tLVdLK3yqd0vDaI8IcPeZF8gwMZgiQXD3cduWUZL8J3iCg99f3flqVBEG8vqDosHlk4 X-Received: by 10.66.132.7 with SMTP id oq7mr35727315pab.26.1468625378790; Fri, 15 Jul 2016 16:29:38 -0700 (PDT) Received: from iovisor-test1.plumgrid.com ([12.97.19.201]) by smtp.gmail.com with ESMTPSA id nd4sm6990993pab.14.2016.07.15.16.29.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 15 Jul 2016 16:29:38 -0700 (PDT) From: Brenden Blanco To: davem@davemloft.net, netdev@vger.kernel.org Cc: Brenden Blanco , Jamal Hadi Salim , Saeed Mahameed , Martin KaFai Lau , Jesper Dangaard Brouer , Ari Saha , Alexei Starovoitov , Or Gerlitz , john.fastabend@gmail.com, hannes@stressinduktion.org, Thomas Graf , Tom Herbert , Daniel Borkmann Subject: [PATCH v9 10/11] bpf: enable direct packet data write for xdp progs Date: Fri, 15 Jul 2016 16:28:57 -0700 Message-Id: <1468625338-32391-11-git-send-email-bblanco@plumgrid.com> X-Mailer: git-send-email 2.8.2 In-Reply-To: <1468625338-32391-1-git-send-email-bblanco@plumgrid.com> References: <1468625338-32391-1-git-send-email-bblanco@plumgrid.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org For forwarding to be effective, XDP programs should be allowed to rewrite packet data. This requires that the drivers supporting XDP must all map the packet memory as TODEVICE or BIDIRECTIONAL before invoking the program. Signed-off-by: Brenden Blanco --- kernel/bpf/verifier.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a8d67d0..f72f23b 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -653,6 +653,16 @@ static int check_map_access(struct verifier_env *env, u32 regno, int off, #define MAX_PACKET_OFF 0xffff +static bool may_write_pkt_data(enum bpf_prog_type type) +{ + switch (type) { + case BPF_PROG_TYPE_XDP: + return true; + default: + return false; + } +} + static int check_packet_access(struct verifier_env *env, u32 regno, int off, int size) { @@ -806,10 +816,15 @@ static int check_mem_access(struct verifier_env *env, u32 regno, int off, err = check_stack_read(state, off, size, value_regno); } } else if (state->regs[regno].type == PTR_TO_PACKET) { - if (t == BPF_WRITE) { + if (t == BPF_WRITE && !may_write_pkt_data(env->prog->type)) { verbose("cannot write into packet\n"); return -EACCES; } + if (t == BPF_WRITE && value_regno >= 0 && + is_pointer_value(env, value_regno)) { + verbose("R%d leaks addr into packet\n", value_regno); + return -EACCES; + } err = check_packet_access(env, regno, off, size); if (!err && t == BPF_READ && value_regno >= 0) mark_reg_unknown_value(state->regs, value_regno);