From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [dpdk-dev] [Bug 298] BPF: eval_call() is messing bounds of return types different of RTE_BPF_ARG_RAW
Date: Thu, 27 Jun 2019 14:58:31 +0000
Message-ID: <bug-298-3@http.bugs.dpdk.org/>

https://bugs.dpdk.org/show_bug.cgi?id=298

            Bug ID: 298
           Summary: BPF: eval_call() is messing bounds of return types
                    different of RTE_BPF_ARG_RAW
           Product: DPDK
           Version: 19.08
          Hardware: All
                OS: All
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: other
          Assignee: dev@dpdk.org
          Reporter: michel@digirati.com.br
  Target Milestone: ---

Created attachment 42
  --> https://bugs.dpdk.org/attachment.cgi?id=42&action=edit
Patch eval_call() in lib/librte_bpf/bpf_validate.c

eval_call() in lib/librte_bpf/bpf_validate.c calls eval_max_bound() on the BPF
return value for all types. This makes the verifier fail when a BPF helper
function returns a pointer that is later dereferenced. The error message when
this happens should be similar to this one: evaluate: memory boundary violation
at pc: 7.

evaluate() in the same file only calls eval_max_bound() on the parameter of the
BPF program when its type is RTE_BPF_ARG_RAW. Based on this knowledge, I tested
the attached patch and it works. But I'm not knowledgeable enough on librte_bpf
to know if this is the correct way to solve this problem.

-- 
You are receiving this mail because:
You are the assignee for the bug.
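
Added example, not part of the original report and not DPDK code: a simplified C model of the range tracking described above, showing why widening a pointer return value to the maximum bound makes a later load fail the boundary check. The struct, the `model_*` names and the load check are assumptions made for illustration; only `eval_max_bound()`, `eval_call()`, `evaluate()` and `RTE_BPF_ARG_RAW` come from the report.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical stand-ins for the verifier's types; not DPDK definitions. */
enum arg_type { ARG_RAW, ARG_PTR };
struct reg_val {
	enum arg_type type;
	uint64_t obj_size;     /* bytes behind a pointer (assumed field) */
	uint64_t u_min, u_max; /* tracked range; for a pointer, assumed to be its offset */
};

/* Model of eval_max_bound(): nothing is known, widen to the full range. */
static void model_max_bound(struct reg_val *rv)
{
	rv->u_min = 0;
	rv->u_max = UINT64_MAX;
}

/* Model of filling R0 after a helper call. widen_all != 0: every type is widened
 * (the reported behaviour); 0: only raw values, as the report says evaluate() does. */
static void model_eval_call(struct reg_val *r0, enum arg_type t, uint64_t obj_size, int widen_all)
{
	r0->type = t;
	r0->obj_size = obj_size;
	r0->u_min = r0->u_max = 0;	/* a returned pointer starts at offset 0 */
	if (widen_all || t == ARG_RAW)
		model_max_bound(r0);
}

/* Assumed load check: 0 = accepted, -1 = memory boundary violation. */
static int model_check_load(const struct reg_val *r, uint64_t opsz)
{
	if (r->type != ARG_PTR || r->u_max > r->obj_size ||
			opsz > r->obj_size - r->u_max)
		return -1;
	return 0;
}

/* Helper returns a pointer to obj_size bytes; the program then loads opsz bytes. */
static int load_after_call(int widen_all, uint64_t obj_size, uint64_t opsz)
{
	struct reg_val r0;
	model_eval_call(&r0, ARG_PTR, obj_size, widen_all);
	return model_check_load(&r0, opsz);
}
int main(void)
{
	printf("widen all: %d, widen raw only: %d\n", load_after_call(1, 64, 8), load_after_call(0, 64, 8));
	return 0;
}
```

In this model an oversized load through the returned pointer is still rejected when only raw values are widened, so the bounds check itself is not weakened.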
