* [PATCH bpf] xsk: Fix unaligned descriptor validation
@ 2023-04-03 14:36 Kal Conley
2023-04-04 6:25 ` Magnus Karlsson
0 siblings, 1 reply; 6+ messages in thread
From: Kal Conley @ 2023-04-03 14:36 UTC (permalink / raw)
To: Björn Töpel, Magnus Karlsson, Maciej Fijalkowski,
Jonathan Lemon, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Alexei Starovoitov, Daniel Borkmann,
Jesper Dangaard Brouer, John Fastabend, Maxim Mikityanskiy
Cc: Kal Conley, netdev, bpf, linux-kernel
Make sure unaligned descriptors that straddle the end of the UMEM are
considered invalid. Currently, descriptor validation is broken for
zero-copy mode which only checks descriptors at page granularity.
Descriptors that cross the end of the UMEM but not a page boundary may
be therefore incorrectly considered valid. The check needs to happen
before the page boundary and contiguity checks in
xp_desc_crosses_non_contig_pg. Do this check in
xp_unaligned_validate_desc instead like xp_check_unaligned already does.
Fixes: 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
Signed-off-by: Kal Conley <kal.conley@dectris.com>
---
include/net/xsk_buff_pool.h | 9 ++-------
net/xdp/xsk_queue.h | 1 +
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/include/net/xsk_buff_pool.h b/include/net/xsk_buff_pool.h
index 3e952e569418..d318c769b445 100644
--- a/include/net/xsk_buff_pool.h
+++ b/include/net/xsk_buff_pool.h
@@ -180,13 +180,8 @@ static inline bool xp_desc_crosses_non_contig_pg(struct xsk_buff_pool *pool,
if (likely(!cross_pg))
return false;
- if (pool->dma_pages_cnt) {
- return !(pool->dma_pages[addr >> PAGE_SHIFT] &
- XSK_NEXT_PG_CONTIG_MASK);
- }
-
- /* skb path */
- return addr + len > pool->addrs_cnt;
+ return pool->dma_pages_cnt &&
+ !(pool->dma_pages[addr >> PAGE_SHIFT] & XSK_NEXT_PG_CONTIG_MASK);
}
static inline u64 xp_aligned_extract_addr(struct xsk_buff_pool *pool, u64 addr)
diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
index bfb2a7e50c26..66c6f57c9c44 100644
--- a/net/xdp/xsk_queue.h
+++ b/net/xdp/xsk_queue.h
@@ -162,6 +162,7 @@ static inline bool xp_unaligned_validate_desc(struct xsk_buff_pool *pool,
return false;
if (base_addr >= pool->addrs_cnt || addr >= pool->addrs_cnt ||
+ addr + desc->len > pool->addrs_cnt ||
xp_desc_crosses_non_contig_pg(pool, addr, desc->len))
return false;
--
2.39.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
2023-04-03 14:36 [PATCH bpf] xsk: Fix unaligned descriptor validation Kal Conley
@ 2023-04-04 6:25 ` Magnus Karlsson
2023-04-05 19:38 ` Martin KaFai Lau
0 siblings, 1 reply; 6+ messages in thread
From: Magnus Karlsson @ 2023-04-04 6:25 UTC (permalink / raw)
To: Kal Conley
Cc: Björn Töpel, Magnus Karlsson, Maciej Fijalkowski,
Jonathan Lemon, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Alexei Starovoitov, Daniel Borkmann,
Jesper Dangaard Brouer, John Fastabend, Maxim Mikityanskiy,
netdev, bpf, linux-kernel
On Mon, 3 Apr 2023 at 16:38, Kal Conley <kal.conley@dectris.com> wrote:
>
> Make sure unaligned descriptors that straddle the end of the UMEM are
> considered invalid. Currently, descriptor validation is broken for
> zero-copy mode which only checks descriptors at page granularity.
> Descriptors that cross the end of the UMEM but not a page boundary may
> be therefore incorrectly considered valid. The check needs to happen
> before the page boundary and contiguity checks in
> xp_desc_crosses_non_contig_pg. Do this check in
> xp_unaligned_validate_desc instead like xp_check_unaligned already does.
Thanks for catching this Kal.
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
> Fixes: 2b43470add8c ("xsk: Introduce AF_XDP buffer allocation API")
> Signed-off-by: Kal Conley <kal.conley@dectris.com>
> ---
> include/net/xsk_buff_pool.h | 9 ++-------
> net/xdp/xsk_queue.h | 1 +
> 2 files changed, 3 insertions(+), 7 deletions(-)
>
> diff --git a/include/net/xsk_buff_pool.h b/include/net/xsk_buff_pool.h
> index 3e952e569418..d318c769b445 100644
> --- a/include/net/xsk_buff_pool.h
> +++ b/include/net/xsk_buff_pool.h
> @@ -180,13 +180,8 @@ static inline bool xp_desc_crosses_non_contig_pg(struct xsk_buff_pool *pool,
> if (likely(!cross_pg))
> return false;
>
> - if (pool->dma_pages_cnt) {
> - return !(pool->dma_pages[addr >> PAGE_SHIFT] &
> - XSK_NEXT_PG_CONTIG_MASK);
> - }
> -
> - /* skb path */
> - return addr + len > pool->addrs_cnt;
> + return pool->dma_pages_cnt &&
> + !(pool->dma_pages[addr >> PAGE_SHIFT] & XSK_NEXT_PG_CONTIG_MASK);
> }
>
> static inline u64 xp_aligned_extract_addr(struct xsk_buff_pool *pool, u64 addr)
> diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h
> index bfb2a7e50c26..66c6f57c9c44 100644
> --- a/net/xdp/xsk_queue.h
> +++ b/net/xdp/xsk_queue.h
> @@ -162,6 +162,7 @@ static inline bool xp_unaligned_validate_desc(struct xsk_buff_pool *pool,
> return false;
>
> if (base_addr >= pool->addrs_cnt || addr >= pool->addrs_cnt ||
> + addr + desc->len > pool->addrs_cnt ||
> xp_desc_crosses_non_contig_pg(pool, addr, desc->len))
> return false;
>
> --
> 2.39.2
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
2023-04-04 6:25 ` Magnus Karlsson
@ 2023-04-05 19:38 ` Martin KaFai Lau
2023-04-05 19:48 ` Kal Cutter Conley
0 siblings, 1 reply; 6+ messages in thread
From: Martin KaFai Lau @ 2023-04-05 19:38 UTC (permalink / raw)
To: Magnus Karlsson, Kal Conley
Cc: Björn Töpel, Magnus Karlsson, Maciej Fijalkowski,
Jonathan Lemon, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, Alexei Starovoitov, Daniel Borkmann,
Jesper Dangaard Brouer, John Fastabend, Maxim Mikityanskiy,
netdev, bpf, linux-kernel
On 4/3/23 11:25 PM, Magnus Karlsson wrote:
> On Mon, 3 Apr 2023 at 16:38, Kal Conley <kal.conley@dectris.com> wrote:
>>
>> Make sure unaligned descriptors that straddle the end of the UMEM are
>> considered invalid. Currently, descriptor validation is broken for
>> zero-copy mode which only checks descriptors at page granularity.
>> Descriptors that cross the end of the UMEM but not a page boundary may
>> be therefore incorrectly considered valid. The check needs to happen
>> before the page boundary and contiguity checks in
>> xp_desc_crosses_non_contig_pg. Do this check in
>> xp_unaligned_validate_desc instead like xp_check_unaligned already does.
>
> Thanks for catching this Kal.
>
> Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Is this case covered by an existing test?
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
2023-04-05 19:38 ` Martin KaFai Lau
@ 2023-04-05 19:48 ` Kal Cutter Conley
2023-04-05 20:11 ` Martin KaFai Lau
0 siblings, 1 reply; 6+ messages in thread
From: Kal Cutter Conley @ 2023-04-05 19:48 UTC (permalink / raw)
To: Martin KaFai Lau
Cc: Magnus Karlsson, Björn Töpel, Magnus Karlsson,
Maciej Fijalkowski, Jonathan Lemon, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Alexei Starovoitov,
Daniel Borkmann, Jesper Dangaard Brouer, John Fastabend,
Maxim Mikityanskiy, netdev, bpf, linux-kernel
> Is this case covered by an existing test?
>
No. I submitted a test but I was asked to make minor changes to it. I
plan to submit the test once this gets picked up on bpf-next.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
2023-04-05 19:48 ` Kal Cutter Conley
@ 2023-04-05 20:11 ` Martin KaFai Lau
2023-04-06 0:12 ` Kal Cutter Conley
0 siblings, 1 reply; 6+ messages in thread
From: Martin KaFai Lau @ 2023-04-05 20:11 UTC (permalink / raw)
To: Kal Cutter Conley
Cc: Magnus Karlsson, Björn Töpel, Magnus Karlsson,
Maciej Fijalkowski, Jonathan Lemon, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Alexei Starovoitov,
Daniel Borkmann, Jesper Dangaard Brouer, John Fastabend,
Maxim Mikityanskiy, netdev, bpf, linux-kernel
On 4/5/23 12:48 PM, Kal Cutter Conley wrote:
>> Is this case covered by an existing test?
>>
>
> No. I submitted a test but I was asked to make minor changes to it. I
> plan to submit the test once this gets picked up on bpf-next.
Since you already have a test case, it is better to submit them together such
that this case can be covered earlier than later.
Other xskxceiver fixes have already landed to bpf-next. imo, I think for this
particular case, bpf-next for both the fix and the test is fine.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH bpf] xsk: Fix unaligned descriptor validation
2023-04-05 20:11 ` Martin KaFai Lau
@ 2023-04-06 0:12 ` Kal Cutter Conley
0 siblings, 0 replies; 6+ messages in thread
From: Kal Cutter Conley @ 2023-04-06 0:12 UTC (permalink / raw)
To: Martin KaFai Lau
Cc: Magnus Karlsson, Björn Töpel, Magnus Karlsson,
Maciej Fijalkowski, Jonathan Lemon, David S. Miller,
Eric Dumazet, Jakub Kicinski, Paolo Abeni, Alexei Starovoitov,
Daniel Borkmann, Jesper Dangaard Brouer, John Fastabend,
Maxim Mikityanskiy, netdev, bpf, linux-kernel
> Since you already have a test case, it is better to submit them together such
> that this case can be covered earlier than later.
>
> Other xskxceiver fixes have already landed to bpf-next. imo, I think for this
> particular case, bpf-next for both the fix and the test is fine.
Done. See: https://lore.kernel.org/all/20230405235920.7305-1-kal.conley@dectris.com/
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-04-06 0:07 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-03 14:36 [PATCH bpf] xsk: Fix unaligned descriptor validation Kal Conley
2023-04-04 6:25 ` Magnus Karlsson
2023-04-05 19:38 ` Martin KaFai Lau
2023-04-05 19:48 ` Kal Cutter Conley
2023-04-05 20:11 ` Martin KaFai Lau
2023-04-06 0:12 ` Kal Cutter Conley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).