From: John Fastabend <john.fastabend@gmail.com>
To: songliubraving@fb.com, kafai@fb.com, daniel@iogearbox.net,
	ast@kernel.org
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, john.fastabend@gmail.com
Subject: [bpf PATCH v3 0/5] Fix sock_ops field read splat
Date: Tue, 11 Aug 2020 15:04:18 -0700
Message-ID: <159718333343.4728.9389284976477402193.stgit@john-Precision-5820-Tower>

Doing some refactoring resulted in a kernel splat when reading sock_ops
fields.

Patch 1 has the details and proposed fix for sock_ops sk field access.

Patch 2 has the details and proposed fix for reading sock_ops->sk field.

Patch 3 gives a reproducer and test to verify the fix. I used the netcnt
program to test this because I wanted a splat to be generated which can
only be done if we have real traffic exercising the code.

Patch 4 is an optional patch. While doing the above I wanted to also verify
loads were OK. The code looked good, but I wanted some xlated code to
review as well. It seems like a good idea to add it here or at least
shouldn't hurt. I could push it into bpf-next if folks want.

Patch 5 adds reproducers for reading sock_ops->sk field.

I split Patch1 and Patch2 into two patches because they have different
fixes tags. Seems like this will help with backporting. They could be
squashed though if folks want.

For selftests I was fairly verbose creating three patches each with the
associated xlated code to handle each of the three cases. My hope is this
helps the reader understand issues and review fixes. It's more or less
how I debugged the issue and created reproducers so it at least helped
me to have them logically different patches.

v2->v3: Updated commit msg in patch1 to include omitted line of asm
        output, per Daniel's comment.
v1->v2: Added fix sk access case

---

John Fastabend (5):
      bpf: sock_ops ctx access may stomp registers in corner case
      bpf: sock_ops sk access may stomp registers when dst_reg = src_reg
      bpf, selftests: Add tests for ctx access in sock_ops with single register
      bpf, selftests: Add tests for sock_ops load with r9,r8.r7 registers
      bpf, selftests: Add tests to sock_ops for loading sk


 net/core/filter.c                                  |   75 +++++++++++++++++---
 .../testing/selftests/bpf/progs/test_tcpbpf_kern.c |   41 +++++++++++
 2 files changed, 103 insertions(+), 13 deletions(-)

--
Signature

Thread overview: 7+ messages
2020-08-11 22:04 John Fastabend [this message]
2020-08-11 22:04 ` [bpf PATCH v3 1/5] bpf: sock_ops ctx access may stomp registers in corner case John Fastabend
2020-08-11 22:04 ` [bpf PATCH v3 2/5] bpf: sock_ops sk access may stomp registers when dst_reg = src_reg John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 3/5] bpf, selftests: Add tests for ctx access in sock_ops with single register John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 4/5] bpf, selftests: Add tests for sock_ops load with r9, r8.r7 registers John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 5/5] bpf, selftests: Add tests to sock_ops for loading sk John Fastabend
2020-08-13 21:36 ` [bpf PATCH v3 0/5] Fix sock_ops field read splat Daniel Borkmann
