linux-hardened/tools/testing/selftests
Jakub Kicinski 28e33f9d78 bpf: disallow arithmetic operations on context pointer
Commit f1174f77b5 ("bpf/verifier: rework value tracking")
removed the crafty selection of which pointer types are
allowed to be modified.  This is OK for most pointer types
since adjust_ptr_min_max_vals() will catch operations on
immutable pointers.  One exception is PTR_TO_CTX which is
now allowed to be offset freely.

The intent of aforementioned commit was to allow context
access via modified registers.  The offset passed to
->is_valid_access() verifier callback has been adjusted
by the value of the variable offset.

What is missing, however, is taking the variable offset
into account when the context register is used.  Or in terms
of the code adding the offset to the value passed to the
->convert_ctx_access() callback.  This leads to the following
eBPF user code:

     r1 += 68
     r0 = *(u32 *)(r1 + 8)
     exit

being translated to this in kernel space:

   0: (07) r1 += 68
   1: (61) r0 = *(u32 *)(r1 +180)
   2: (95) exit

Offset 8 corresponds to 180 in the kernel, but offset
76 is valid too.  Verifier will "accept" access to offset
68+8=76 but then "convert" access to offset 8 as 180.
Effective access to offset 248 is beyond the kernel context.
(This is a __sk_buff example on a debug-heavy kernel -
packet mark is 8 -> 180, 76 would be data.)

Dereferencing the modified context pointer is not as easy
as dereferencing other types, because we have to translate
the access to reading a field in kernel structures which is
usually at a different offset and often of a different size.
To allow modifying the pointer we would have to make sure
that given eBPF instruction will always access the same
field or the fields accessed are "compatible" in terms of
offset and size...

Disallow dereferencing modified context pointers and add
to selftests the test case described here.

Fixes: f1174f77b5 ("bpf/verifier: rework value tracking")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-18 13:21:13 +01:00
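
The check/convert mismatch described in the commit message above, as an added toy model (not the kernel's verifier code and not part of the commit). The uapi offsets 8 and 76, the register offset 68 and kernel offset 180 are taken from the message; the kernel offset 200 for the data field and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of the two verifier callbacks; not kernel code. */
struct ctx_field { int uapi_off; int kern_off; };

/* 8 -> 180 (mark) is from the commit message; 76 (data) -> 200 is constructed. */
static const struct ctx_field fields[] = { { 8, 180 }, { 76, 200 } };

static const struct ctx_field *lookup(int uapi_off)
{
    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
        if (fields[i].uapi_off == uapi_off)
            return &fields[i];
    return NULL;
}

/* Models ->is_valid_access(): sees register offset plus instruction offset. */
static bool is_valid_access(int reg_off, int insn_off)
{
    return lookup(reg_off + insn_off) != NULL;
}

/* Models ->convert_ctx_access(): sees the instruction offset only. */
static int convert_ctx_access(int insn_off)
{
    const struct ctx_field *f = lookup(insn_off);
    return f ? f->kern_off : -1;
}

/* Kernel offset read by "rX += reg_off; r0 = *(u32 *)(rX + insn_off)",
 * or -1 if the load is rejected. reject_modified_ctx models the fix. */
int ctx_load_offset(int reg_off, int insn_off, bool reject_modified_ctx)
{
    if (reject_modified_ctx && reg_off != 0)
        return -1;                      /* modified ctx pointer: refuse */
    if (!is_valid_access(reg_off, insn_off))
        return -1;
    int kern_off = convert_ctx_access(insn_off);
    if (kern_off < 0)
        return -1;
    return reg_off + kern_off;          /* register still carries reg_off */
}

int main(void)
{
    printf("before fix: %d\n", ctx_load_offset(68, 8, false));
    printf("after fix:  %d\n", ctx_load_offset(68, 8, true));
    return 0;
}
```
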
..
bpf bpf: disallow arithmetic operations on context pointer 2017-10-18 13:21:13 +01:00
breakpoints selftests: breakpoints: re-order TEST_GEN_PROGS targets 2017-09-18 10:53:58 -06:00
capabilities selftests: capabilities: convert error output to TAP13 ksft framework 2017-08-14 11:31:15 -06:00
cpu-hotplug selftests/cpu-hotplug: Skip test when there is only one online cpu 2017-08-16 17:48:18 -06:00
cpufreq selftests: create cpufreq kconfig fragments 2017-04-27 08:42:18 -06:00
drivers/gpu drm/i915: Provide a hook for selftests 2017-02-13 20:45:21 +00:00
efivarfs selftests: remove duplicated all and clean target 2017-01-05 13:41:35 -07:00
exec selftests: enable O and KBUILD_OUTPUT 2017-01-05 13:42:22 -07:00
filesystems selftests: move dnotify_test from Documentation/filesystems 2016-09-20 09:09:00 -06:00
firmware test_firmware: add batched firmware tests 2017-08-10 13:58:41 -07:00
ftrace selftests/ftrace: multiple_kprobes: Also check for support 2017-09-18 10:55:55 -06:00
futex selftests: futex: Makefile: fix for loops in targets to run silently 2017-09-25 10:09:00 -06:00
gpio selftests: gpio: fix clean target to remove all generated files and dirs 2017-04-25 09:49:50 -06:00
ia64 selftests: move ia64 tests from Documentation/ia64 2016-09-20 09:58:12 -06:00
intel_pstate selftests/intel_pstate: No need to compile test progs in the run script 2017-09-18 10:54:53 -06:00
ipc selftests: ipc add missing generated file to .gitignore 2017-01-11 09:51:03 -07:00
kcmp tools/testing/selftests/kcmp/kcmp_test.c: add KCMP_EPOLL_TFD testing 2017-09-08 18:26:47 -07:00
kmod test_kmod: fix description for -s -and -c parameters 2017-08-18 15:32:01 -07:00
lib selftests: lib: Skip tests on missing test modules 2017-06-23 09:41:53 -06:00
locking locking/ww_mutex: Add ww_mutex to tools/testing/selftests 2017-01-14 11:37:17 +01:00
media_tests selftests: media_tests add a new video device test 2016-07-26 09:59:30 -06:00
membarrier selftests: membarrier: use ksft_* var arg msg api 2017-06-30 16:16:23 -06:00
memfd selftests/memfd: correct run_tests.sh permission 2017-09-25 10:09:06 -06:00
memory-hotplug selftests: fix memory-hotplug test 2017-06-30 10:06:23 -06:00
mount selftests: add default rules for c source file 2017-01-05 13:42:01 -07:00
mqueue selftests: mqueue: Use full path to run tests from Makefile 2017-09-25 10:08:59 -06:00
net selftests/net: msg_zerocopy enable build with older kernel headers 2017-09-19 14:12:29 -06:00
networking/timestamping selftests/net: rxtimestamp: Fix an off by one 2017-10-05 21:28:53 -07:00
nsfs selftests/nsfs: create kconfig fragments 2017-07-24 12:35:14 -06:00
ntb ntb: ntb_test: ensure the link is up before trying to configure the mws 2017-08-01 15:18:59 -04:00
powerpc selftests/powerpc: Force ptrace tests to build -fno-pie 2017-08-31 14:26:49 +10:00
prctl selftests: move prctl tests from Documentation/prctl 2016-09-20 09:09:09 -06:00
pstore selftests: pstore: add .gitignore for generated files 2017-08-02 13:50:29 -06:00
ptp selftests: ptp: include default header install path 2017-08-02 15:26:46 -06:00
ptrace selftests: remove duplicated all and clean target 2017-01-05 13:41:35 -07:00
rcutorture Merge branches 'doc.2017.08.17a', 'fixes.2017.08.17a', 'hotplug.2017.07.25b', 'misc.2017.08.17a', 'spin_unlock_wait_no.2017.08.17a', 'srcu.2017.07.27c' and 'torture.2017.07.24c' into HEAD 2017-08-17 08:10:04 -07:00
seccomp linux-kselftest-4.14-rc3-fixes 2017-09-27 10:51:08 -07:00
sigaltstack tools: fix testing/selftests/sigaltstack for s390x 2017-09-18 10:52:01 -06:00
size kselftest: convert get_size to use stricter TAP13 format 2017-06-14 18:23:27 -06:00
splice selftests: splice: add .gitignore for generated files 2017-08-02 13:50:48 -06:00
static_keys selftests: create test-specific kconfig fragments 2016-02-25 09:47:52 -07:00
sync selftests: sync: kselftest and kselftest-clean fail for make O=dir case 2017-09-21 07:55:40 -06:00
sysctl test_sysctl: fix sysctl.sh by making it executable 2017-08-07 15:13:36 -06:00
tc-testing tc-testing: add test for testing ife type 2017-08-29 15:14:18 -07:00
timers selftests: timers: set-timer-lat: Fix hang when testing unsupported alarms 2017-09-25 10:09:07 -06:00
user selftests: create test-specific kconfig fragments 2016-02-25 09:47:52 -07:00
vDSO selftests: move vDSO tests from Documentation/vDSO 2016-09-20 09:58:04 -06:00
vm userfaultfd: selftest: explicit failure if the SIGBUS test failed 2017-09-06 17:27:29 -07:00
watchdog selftests: watchdog: fix to use TEST_GEN_PROGS and remove clean 2017-09-21 07:55:38 -06:00
x86 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2017-09-11 18:34:47 -07:00
zram selftests: add EXTRA_CLEAN for clean target 2017-01-05 13:42:17 -07:00
.gitignore selftests: add gpio generated files to .gitignore 2017-04-25 09:49:38 -06:00
gen_kselftest_tar.sh selftests: Add tool to generate kselftest tar archive 2015-03-24 08:43:19 -06:00
kselftest.h selftests: kselftest framework: change skip exit code to 0 2017-08-25 10:02:00 -06:00
kselftest_harness.h selftests: Enhance kselftest_harness.h to print which assert failed 2017-09-05 19:21:33 -06:00
kselftest_install.sh
lib.mk selftests: lib.mk: copy test scripts and test files for make O=dir run 2017-09-21 07:55:40 -06:00
Makefile selftests: Makefile: fix for loops in targets to run silently 2017-09-25 10:08:59 -06:00