From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Borkmann Subject: Re: [net-next PATCH] bpf: reserve xdp_frame size in xdp headroom Date: Thu, 19 Apr 2018 17:55:20 +0200 Message-ID: References: <152414743253.1777.13128952001748907524.stgit@firesoul> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org To: Jesper Dangaard Brouer , Daniel Borkmann , Alexei Starovoitov Return-path: Received: from www62.your-server.de ([213.133.104.62]:59737 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753369AbeDSPzW (ORCPT ); Thu, 19 Apr 2018 11:55:22 -0400 In-Reply-To: <152414743253.1777.13128952001748907524.stgit@firesoul> Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 04/19/2018 04:17 PM, Jesper Dangaard Brouer wrote: > Commit 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on > page reuse") tried to allow user/bpf_prog to (re)use area used by > xdp_frame (stored in frame headroom), by memset clearing area when > bpf_xdp_adjust_head give bpf_prog access to headroom area. > > The mentioned commit had two bugs. (1) Didn't take bpf_xdp_adjust_meta > into account. (2) a combination of bpf_xdp_adjust_head calls, where > xdp->data is moved into xdp_frame section, can cause clearing > xdp_frame area again for area previously granted to bpf_prog. > > After discussions with Daniel, we choose to implement a simpler > solution to the problem, which is to reserve the headroom used by > xdp_frame info. > > This also avoids the situation where bpf_prog is allowed to adjust/add > headers, and then XDP_REDIRECT later drops the packet due to lack of > headroom for the xdp_frame. This would likely confuse the end-user. > > Fixes: 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on page reuse") > Signed-off-by: Jesper Dangaard Brouer Applied to bpf-next, thanks Jesper!