From: Ingo Molnar <mingo-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
To: Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
Cc: Daniel Borkmann <daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>,
"David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Hannes Frederic Sowa
<hannes-tFNcAqjVMyqKXQKiL6tip0B+6BGkLq7r@public.gmane.org>,
Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Kees Cook <keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs
Date: Tue, 6 Oct 2015 09:13:47 +0200 [thread overview]
Message-ID: <20151006071347.GB14093@gmail.com> (raw)
In-Reply-To: <56131B1F.80002-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
* Alexei Starovoitov <ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org> wrote:
> On 10/5/15 3:14 PM, Daniel Borkmann wrote:
> >One scenario that comes to mind ... what happens when there are kernel
> >pointers stored in skb->cb[] (either from the current layer or an old
> >one from a different layer that the skb went through previously, but
> >which did not get overwritten)?
> >
> >Socket filters could read a portion of skb->cb[] also when unprived and
> >leak that out through maps. I think the verifier doesn't catch that,
> >right?
>
> grrr. indeed. previous layer before sk_filter() can leave junk in there.
Could this be solved by activating zeroing/sanitizing of this data if there's an
active BPF function around that can access that socket?
Thanks,
Ingo
WARNING: multiple messages have this Message-ID (diff)
From: Ingo Molnar <mingo@kernel.org>
To: Alexei Starovoitov <ast@plumgrid.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
"David S. Miller" <davem@davemloft.net>,
Andy Lutomirski <luto@amacapital.net>,
Hannes Frederic Sowa <hannes@stressinduktion.org>,
Eric Dumazet <edumazet@google.com>,
Kees Cook <keescook@chromium.org>,
linux-api@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net-next 1/2] bpf: enable non-root eBPF programs
Date: Tue, 6 Oct 2015 09:13:47 +0200 [thread overview]
Message-ID: <20151006071347.GB14093@gmail.com> (raw)
In-Reply-To: <56131B1F.80002@plumgrid.com>
* Alexei Starovoitov <ast@plumgrid.com> wrote:
> On 10/5/15 3:14 PM, Daniel Borkmann wrote:
> >One scenario that comes to mind ... what happens when there are kernel
> >pointers stored in skb->cb[] (either from the current layer or an old
> >one from a different layer that the skb went through previously, but
> >which did not get overwritten)?
> >
> >Socket filters could read a portion of skb->cb[] also when unprived and
> >leak that out through maps. I think the verifier doesn't catch that,
> >right?
>
> grrr. indeed. previous layer before sk_filter() can leave junk in there.
Could this be solved by activating zeroing/sanitizing of this data if there's an
active BPF function around that can access that socket?
Thanks,
Ingo
next prev parent reply other threads:[~2015-10-06 7:13 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-05 20:48 [PATCH net-next 0/2] bpf: unprivileged Alexei Starovoitov
2015-10-05 20:48 ` [PATCH net-next 1/2] bpf: enable non-root eBPF programs Alexei Starovoitov
[not found] ` <1444078101-29060-2-git-send-email-ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-05 21:00 ` Kees Cook
2015-10-05 21:00 ` Kees Cook
2015-10-05 21:12 ` Alexei Starovoitov
[not found] ` <5612E7C4.1010306-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-05 21:16 ` Andy Lutomirski
2015-10-05 21:16 ` Andy Lutomirski
2015-10-05 21:32 ` Alexei Starovoitov
2015-10-05 22:02 ` Kees Cook
2015-10-06 0:28 ` Alexei Starovoitov
2015-10-08 2:29 ` Alexei Starovoitov
2015-10-08 2:29 ` Alexei Starovoitov
2015-10-05 22:14 ` Daniel Borkmann
[not found] ` <5612F639.2050305-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>
2015-10-06 0:51 ` Alexei Starovoitov
2015-10-06 0:51 ` Alexei Starovoitov
[not found] ` <56131B1F.80002-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-06 7:13 ` Ingo Molnar [this message]
2015-10-06 7:13 ` Ingo Molnar
2015-10-06 8:05 ` Daniel Borkmann
2015-10-06 8:20 ` Ingo Molnar
[not found] ` <20151006082048.GA18287-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-10-06 8:39 ` Daniel Borkmann
2015-10-06 8:39 ` Daniel Borkmann
[not found] ` <561388D1.30406-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>
2015-10-06 17:50 ` Alexei Starovoitov
2015-10-06 17:50 ` Alexei Starovoitov
2015-10-06 17:56 ` Eric Dumazet
[not found] ` <1444154160.9555.5.camel-XN9IlZ5yJG9HTL0Zs8A6p/gx64E7kk8eUsxypvmhUTTZJqsBc5GL+g@public.gmane.org>
2015-10-06 18:05 ` Andy Lutomirski
2015-10-06 18:05 ` Andy Lutomirski
2015-10-07 6:05 ` Ingo Molnar
2015-10-06 19:26 ` Alexei Starovoitov
[not found] ` <561409EC.5050005-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-06 18:03 ` Daniel Borkmann
2015-10-06 18:03 ` Daniel Borkmann
2015-10-06 12:45 ` Daniel Borkmann
2015-10-06 12:45 ` Daniel Borkmann
2015-10-07 21:20 ` Alexei Starovoitov
[not found] ` <56158CAF.9030209-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-07 22:07 ` Daniel Borkmann
2015-10-07 22:07 ` Daniel Borkmann
2015-10-07 22:22 ` Kees Cook
2015-10-07 23:49 ` Alexei Starovoitov
[not found] ` <5615AF92.50402-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org>
2015-10-08 6:21 ` Ingo Molnar
2015-10-08 6:21 ` Ingo Molnar
2015-10-08 6:30 ` Alexei Starovoitov
2015-10-08 17:42 ` Kees Cook
2015-10-05 20:48 ` [PATCH net-next 2/2] bpf: charge user for creation of BPF maps and programs Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151006071347.GB14093@gmail.com \
--to=mingo-dgejt+ai2ygdnm+yrofe0a@public.gmane.org \
--cc=ast-uqk4Ao+rVK5Wk0Htik3J/w@public.gmane.org \
--cc=daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org \
--cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
--cc=edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=hannes-tFNcAqjVMyqKXQKiL6tip0B+6BGkLq7r@public.gmane.org \
--cc=keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.