From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Borkmann Subject: Re: [PATCH v3] bpf: Set register type according to is_valid_access() Date: Mon, 26 Sep 2016 16:49:17 +0200 Message-ID: <57E9356D.70308@iogearbox.net> References: <20160924180150.23620-1-mic@digikod.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Cc: Alexei Starovoitov , Andy Lutomirski , Kees Cook , Sargun Dhillon , Tejun Heo , netdev@vger.kernel.org To: =?UTF-8?B?TWlja2HDq2wgU2FsYcO8bg==?= , linux-kernel@vger.kernel.org Return-path: In-Reply-To: <20160924180150.23620-1-mic@digikod.net> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org On 09/24/2016 08:01 PM, Mickaël Salaün wrote: > This prevent future potential pointer leaks when an unprivileged eBPF > program will read a pointer value from its context. Even if > is_valid_access() returns a pointer type, the eBPF verifier replace it > with UNKNOWN_VALUE. The register value that contains a kernel address is > then allowed to leak. Moreover, this fix allows unprivileged eBPF > programs to use functions with (legitimate) pointer arguments. > > Not an issue currently since reg_type is only set for PTR_TO_PACKET or > PTR_TO_PACKET_END in XDP and TC programs that can only be loaded as > privileged. For now, the only unprivileged eBPF program allowed is for > socket filtering and all the types from its context are UNKNOWN_VALUE. > However, this fix is important for future unprivileged eBPF programs > which could use pointers in their context. > > Signed-off-by: Mickaël Salaün > Cc: Alexei Starovoitov > Cc: Daniel Borkmann Seems okay to me: Acked-by: Daniel Borkmann