BPF Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND
@ 2020-02-12 19:32 Johannes Krude
  2020-02-13  3:38 ` Jakub Kicinski
  2020-02-17 15:56 ` Daniel Borkmann
  0 siblings, 2 replies; 3+ messages in thread
From: Johannes Krude @ 2020-02-12 19:32 UTC (permalink / raw)
  To: bpf, netdev, linux-kernel; +Cc: David S. Miller, Jakub Kicinski, trivial

This if guards whether user-space wants a copy of the offload-jited
bytecode and whether this bytecode exists. By erroneously doing a bitwise
AND instead of a logical AND on user- and kernel-space buffer-size can lead
to no data being copied to user-space especially when user-space size is a
power of two and bigger then the kernel-space buffer.

Signed-off-by: Johannes Krude <johannes@krude.de>
---
 kernel/bpf/offload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c
index 2c5dc6541..bd09290e3 100644
--- a/kernel/bpf/offload.c
+++ b/kernel/bpf/offload.c
@@ -321,7 +321,7 @@ int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
 
 	ulen = info->jited_prog_len;
 	info->jited_prog_len = aux->offload->jited_len;
-	if (info->jited_prog_len & ulen) {
+	if (info->jited_prog_len && ulen) {
 		uinsns = u64_to_user_ptr(info->jited_prog_insns);
 		ulen = min_t(u32, info->jited_prog_len, ulen);
 		if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
-- 
2.24.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND
  2020-02-12 19:32 [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND Johannes Krude
@ 2020-02-13  3:38 ` Jakub Kicinski
  2020-02-17 15:56 ` Daniel Borkmann
  1 sibling, 0 replies; 3+ messages in thread
From: Jakub Kicinski @ 2020-02-13  3:38 UTC (permalink / raw)
  To: Johannes Krude; +Cc: bpf, netdev, linux-kernel, David S. Miller, trivial

On Wed, 12 Feb 2020 20:32:27 +0100, Johannes Krude wrote:
> This if guards whether user-space wants a copy of the offload-jited
> bytecode and whether this bytecode exists. By erroneously doing a bitwise
> AND instead of a logical AND on user- and kernel-space buffer-size can lead
> to no data being copied to user-space especially when user-space size is a
> power of two and bigger then the kernel-space buffer.
> 
> Signed-off-by: Johannes Krude <johannes@krude.de>

Thank you for the fix, in the future please provide a Fixes tag and
include the tree name in the PATCH tag, e.g. [PATCH bpf], or [PATCH net]
etc.

Fixes: fcfb126defda ("bpf: add new jited info fields in bpf_dev_offload and bpf_prog_info")

Acked-by: Jakub Kicinski <kuba@kernel.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND
  2020-02-12 19:32 [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND Johannes Krude
  2020-02-13  3:38 ` Jakub Kicinski
@ 2020-02-17 15:56 ` Daniel Borkmann
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel Borkmann @ 2020-02-17 15:56 UTC (permalink / raw)
  To: Johannes Krude, bpf, netdev, linux-kernel
  Cc: David S. Miller, Jakub Kicinski, trivial

On 2/12/20 8:32 PM, Johannes Krude wrote:
> This if guards whether user-space wants a copy of the offload-jited
> bytecode and whether this bytecode exists. By erroneously doing a bitwise
> AND instead of a logical AND on user- and kernel-space buffer-size can lead
> to no data being copied to user-space especially when user-space size is a
> power of two and bigger then the kernel-space buffer.
> 
> Signed-off-by: Johannes Krude <johannes@krude.de>

Applied, thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-12 19:32 [PATCH] bpf_prog_offload_info_fill: replace bitwise AND by logical AND Johannes Krude
2020-02-13  3:38 ` Jakub Kicinski
2020-02-17 15:56 ` Daniel Borkmann

BPF Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/bpf/0 bpf/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 bpf bpf/ https://lore.kernel.org/bpf \
		bpf@vger.kernel.org
	public-inbox-index bpf

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.bpf


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git