From: Daniel Borkmann <dborkman@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: eric.dumazet@gmail.com, ast@plumgrid.com, netdev@vger.kernel.org
Subject: Re: [PATCH net] net: filter: initialize A and X registers
Date: Wed, 23 Apr 2014 19:10:49 +0200 [thread overview]
Message-ID: <5357F419.1020909@redhat.com> (raw)
In-Reply-To: <20140423.125126.244770898759207308.davem@davemloft.net>
On 04/23/2014 06:51 PM, David Miller wrote:
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Tue, 22 Apr 2014 22:13:00 -0700
>
>> On Tue, 2014-04-22 at 23:57 -0400, David Miller wrote:
>>> From: Alexei Starovoitov <ast@plumgrid.com>
>>> Date: Tue, 22 Apr 2014 20:18:57 -0700
>>>
>>>> exisiting BPF verifier allows uninitialized access to registers,
>>>> 'ret A' is considered to be a valid filter.
>>>> So initialize A and X to zero to prevent leaking kernel memory
>>>> In the future BPF verifier will be rejecting such filters
>>>>
>>>> Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
>>>
>>> Has the code always been like this?
>>>
>>> Did the eBPF changes introduce this problem either directly or
>>> indirectly?
>>
>> Original code was fine AFAIK
>>
>> Fixes: bd4cf0ed331a2 ("net: filter: rework/optimize internal BPF interpreter's instruction set")
>>
>> David, is it possible for you to push net-next tree ?
>
> What exactly are you asking me to do? Put this patch in the net-next tree?
> Or are you asking me to merge net into net-next after I apply it?
>
> It's definitely a 'net' patch.
I think Eric already clarified it in [1].
It's definitely against net tree.
From my side, it would be awesome, if you could put this into net and
then merge net into net-next as I have some pending stuff on top of
this fix. That would at least avoid a bigger merge conflict later on.
Thanks a lot, Dave.
[1] http://patchwork.ozlabs.org/patch/341693/, April 23, 2014, 1:39 p.m.
next prev parent reply other threads:[~2014-04-23 17:10 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-23 3:18 [PATCH net] net: filter: initialize A and X registers Alexei Starovoitov
2014-04-23 3:57 ` David Miller
2014-04-23 4:59 ` Alexei Starovoitov
2014-04-23 7:02 ` Daniel Borkmann
2014-04-23 16:52 ` David Miller
2014-04-23 17:20 ` Daniel Borkmann
2014-04-23 16:50 ` David Miller
2014-04-23 20:38 ` Alexei Starovoitov
2014-04-23 21:39 ` Eric Dumazet
2014-04-23 22:19 ` Alexei Starovoitov
2014-04-24 2:55 ` Eric Dumazet
2014-04-24 3:22 ` Alexei Starovoitov
2014-04-25 8:23 ` Daniel Borkmann
2014-04-24 7:07 ` Martin Schwidefsky
2014-04-23 5:13 ` Eric Dumazet
2014-04-23 11:45 ` Daniel Borkmann
2014-04-23 13:39 ` Eric Dumazet
2014-04-23 21:07 ` David Miller
2014-04-23 16:51 ` David Miller
2014-04-23 17:10 ` Daniel Borkmann [this message]
2014-04-23 17:14 ` Eric Dumazet
2014-04-24 17:24 ` David Miller
2014-04-24 18:11 ` Eric Dumazet
2014-04-24 22:18 ` Daniel Borkmann
2014-04-23 7:53 ` Daniel Borkmann
2014-04-23 16:13 ` Alexei Starovoitov
2014-04-23 19:35 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5357F419.1020909@redhat.com \
--to=dborkman@redhat.com \
--cc=ast@plumgrid.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.