From: Daniel Borkmann <daniel@iogearbox.net>
To: ast@kernel.org
Cc: netdev@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH bpf-next 07/11] bpf: make sure to clear unused fields in tunnel/xfrm state fetch
Date: Mon, 28 May 2018 02:43:40 +0200	[thread overview]
Message-ID: <20180528004344.3606-8-daniel@iogearbox.net> (raw)
In-Reply-To: <20180528004344.3606-1-daniel@iogearbox.net>

Since the remaining bits are not filled in struct bpf_tunnel_key
resp. struct bpf_xfrm_state and originate from uninitialized stack
space, we should make sure to clear them before handing control
back to the program.

Also add a padding element to struct bpf_xfrm_state for future use,
similar to the one we have in struct bpf_tunnel_key, and clear it as well.

  struct bpf_xfrm_state {
      __u32                      reqid;            /*     0     4 */
      __u32                      spi;              /*     4     4 */
      __u16                      family;           /*     8     2 */

      /* XXX 2 bytes hole, try to pack */

      union {
          __u32              remote_ipv4;          /*           4 */
          __u32              remote_ipv6[4];       /*          16 */
      };                                           /*    12    16 */

      /* size: 28, cachelines: 1, members: 4 */
      /* sum members: 26, holes: 1, sum holes: 2 */
      /* last cacheline: 28 bytes */
  };

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
---
 include/uapi/linux/bpf.h | 3 ++-
 net/core/filter.c        | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index e2853aa..7108711 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2214,7 +2214,7 @@ struct bpf_tunnel_key {
 	};
 	__u8 tunnel_tos;
 	__u8 tunnel_ttl;
-	__u16 tunnel_ext;
+	__u16 tunnel_ext;	/* Padding, future use. */
 	__u32 tunnel_label;
 };
 
@@ -2225,6 +2225,7 @@ struct bpf_xfrm_state {
 	__u32 reqid;
 	__u32 spi;	/* Stored in network byte order */
 	__u16 family;
+	__u16 ext;	/* Padding, future use. */
 	union {
 		__u32 remote_ipv4;	/* Stored in network byte order */
 		__u32 remote_ipv6[4];	/* Stored in network byte order */
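Review bot: The comment on the new `ext` member says only that it is padding, so a program author reading the UAPI header cannot tell what value the helper leaves there or whether it may be relied on. Since the helper now stores zero into it, the header could say so, e.g. `__u16 ext;	/* Padding, future use. Set to zero by the kernel. */`, and likewise for `tunnel_ext` in the previous hunk. The member takes the place of the 2-byte hole shown in the commit message's layout dump, so the struct size should stay at 28 bytes; the struct body continues past the end of this hunk, so that is inferred rather than visible here.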
diff --git a/net/core/filter.c b/net/core/filter.c
index 717c740..5ceb5e6 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3445,6 +3445,7 @@ BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key
 	to->tunnel_id = be64_to_cpu(info->key.tun_id);
 	to->tunnel_tos = info->key.tos;
 	to->tunnel_ttl = info->key.ttl;
+	to->tunnel_ext = 0;
 
 	if (flags & BPF_F_TUNINFO_IPV6) {
 		memcpy(to->remote_ipv6, &info->key.u.ipv6.src,
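Review bot: Storing `to->tunnel_ext = 0;` field by field keeps the output clean only while every member of struct bpf_tunnel_key has a matching store in this helper; a member or hole added later would again hand uninitialized stack bytes to the program, which is the leak the commit message describes. The same applies to `to->ext = 0;` in the bpf_skb_get_xfrm_state hunk. A comment next to the stores would make the invariant explicit, e.g. `/* *to is uninitialized memory: every byte of the struct must be written before returning. */`. If the surrounding code allows it, a single `memset(to, 0, sizeof(*to));` ahead of the field stores would be more robust, but the function starts and ends outside the hunk, so whether that fits the existing error and compat paths cannot be judged from here.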
@@ -3452,6 +3453,8 @@ BPF_CALL_4(bpf_skb_get_tunnel_key, struct sk_buff *, skb, struct bpf_tunnel_key
 		to->tunnel_label = be32_to_cpu(info->key.label);
 	} else {
 		to->remote_ipv4 = be32_to_cpu(info->key.u.ipv4.src);
+		memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);
+		to->tunnel_label = 0;
 	}
 
 	if (unlikely(size != sizeof(struct bpf_tunnel_key)))
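Review bot: The added `memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);` hard-codes both the array length and the fact that `remote_ipv4` overlays exactly `remote_ipv6[0]`, so a change to the union would silently leave bytes uncleared. Deriving the length from the members keeps it tied to the layout: `memset(&to->remote_ipv6[1], 0, sizeof(to->remote_ipv6) - sizeof(to->remote_ipv4));`. The identical memset in the else branch of the bpf_skb_get_xfrm_state hunk should get the same treatment. A one-line comment such as `/* clear the union bytes not covered by remote_ipv4 */` would also help, since the intent is not obvious from the index arithmetic.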
@@ -4047,11 +4050,14 @@ BPF_CALL_5(bpf_skb_get_xfrm_state, struct sk_buff *, skb, u32, index,
 	to->reqid = x->props.reqid;
 	to->spi = x->id.spi;
 	to->family = x->props.family;
+	to->ext = 0;
+
 	if (to->family == AF_INET6) {
 		memcpy(to->remote_ipv6, x->props.saddr.a6,
 		       sizeof(to->remote_ipv6));
 	} else {
 		to->remote_ipv4 = x->props.saddr.a4;
+		memset(&to->remote_ipv6[1], 0, sizeof(__u32) * 3);
 	}
 
 	return 0;
-- 
2.9.5
