From: John Fastabend <firstname.lastname@example.org>
To: email@example.com, firstname.lastname@example.org, email@example.com,
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: [bpf PATCH v3 0/5] Fix sock_ops field read splat
Date: Tue, 11 Aug 2020 15:04:18 -0700 [thread overview]
Message-ID: <159718333343.4728.9389284976477402193.stgit@john-Precision-5820-Tower> (raw)
Doing some refactoring resulted in a kernel splat when reading sock_ops
Patch 1, has the details and proposed fix for sock_ops sk field access.
Patch 2, has the details and proposed fix for reading sock_ops->sk field
Patch 3, Gives a reproducer and test to verify the fix. I used the netcnt
program to test this because I wanted a splat to be generated which can
only be done if we have real traffic exercising the code.
Patch 4, Is an optional patch. While doing above I wanted to also verify
loads were OK. The code looked good, but I wanted some xlated code to
review as well. It seems like a good idea to add it here or at least
shouldn't hurt. I could push it into bpf-next if folks want.
Patch 5, Add reproducers for reading scok_ops->sk field.
I split Patch1 and Patch2 into two two patches because they have different
fixes tags. Seems like this will help with backporting. They could be
squashed though if folks want.
For selftests I was fairly verbose creating three patches each with the
associated xlated code to handle each of the three cases. My hope is this
helps the reader understand issues and review fixes. Its more or less
how I debugged the issue and created reproducers so it at least helped
me to have them logically different patches.
v2->v3: Updated commit msg in patch1 to include ommited line of asm
output, per Daniels comment.
v1->v2: Added fix sk access case
John Fastabend (5):
bpf: sock_ops ctx access may stomp registers in corner case
bpf: sock_ops sk access may stomp registers when dst_reg = src_reg
bpf, selftests: Add tests for ctx access in sock_ops with single register
bpf, selftests: Add tests for sock_ops load with r9,r8.r7 registers
bpf, selftests: Add tests to sock_ops for loading sk
net/core/filter.c | 75 +++++++++++++++++---
.../testing/selftests/bpf/progs/test_tcpbpf_kern.c | 41 +++++++++++
2 files changed, 103 insertions(+), 13 deletions(-)
next reply other threads:[~2020-08-11 22:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-11 22:04 John Fastabend [this message]
2020-08-11 22:04 ` [bpf PATCH v3 1/5] bpf: sock_ops ctx access may stomp registers in corner case John Fastabend
2020-08-11 22:04 ` [bpf PATCH v3 2/5] bpf: sock_ops sk access may stomp registers when dst_reg = src_reg John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 3/5] bpf, selftests: Add tests for ctx access in sock_ops with single register John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 4/5] bpf, selftests: Add tests for sock_ops load with r9, r8.r7 registers John Fastabend
2020-08-11 22:05 ` [bpf PATCH v3 5/5] bpf, selftests: Add tests to sock_ops for loading sk John Fastabend
2020-08-13 21:36 ` [bpf PATCH v3 0/5] Fix sock_ops field read splat Daniel Borkmann
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).