linux

mirror of https://github.com/torvalds/linux synced 2024-10-20 18:28:21 +00:00

History

John Fastabend bc1b4f013b bpf: sk_msg, improve offset chk in _is_valid_access The check for max offset in sk_msg_is_valid_access uses sizeof() which is incorrect because it would allow accessing possibly past the end of the struct in the padded case. Further, it doesn't preclude accessing any padding that may be added in the middle of a struct. All told this makes it fragile to rely on. To fix this explicitly check offsets with fields using the bpf_ctx_range() and bpf_ctx_range_till() macros. For reference the current structure layout looks as follows (reported by pahole) struct sk_msg_md { union { void * data; /* 8 / }; / 0 8 / union { void data_end; /* 8 / }; / 8 8 / __u32 family; / 16 4 / __u32 remote_ip4; / 20 4 / __u32 local_ip4; / 24 4 / __u32 remote_ip6[4]; / 28 16 / __u32 local_ip6[4]; / 44 16 / __u32 remote_port; / 60 4 / / --- cacheline 1 boundary (64 bytes) --- / __u32 local_port; / 64 4 / __u32 size; / 68 4 / / size: 72, cachelines: 2, members: 10 / / last cacheline: 8 bytes */ }; So there should be no padding at the moment but fixing this now prevents future errors. Reported-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>		2018-12-20 23:47:08 +01:00
..
6lowpan
9p	Merge branch 'work.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2018-11-03 10:35:52 -07:00
802
8021q	net: core: dev: Add extack argument to dev_change_flags()	2018-12-06 13:26:07 -08:00
appletalk
atm	Revert "net: simplify sock_poll_wait"	2018-10-23 10:57:06 -07:00
ax25
batman-adv	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-11-19 10:55:00 -08:00
bluetooth	net: core: dev: Add extack argument to dev_open()	2018-12-06 13:26:06 -08:00
bpf	Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next	2018-12-10 18:00:43 -08:00
bpfilter	net: bpfilter: Set user mode helper's command line	2018-10-22 19:37:36 -07:00
bridge	bridge: Add br_fdb_clear_offload()	2018-12-07 12:59:08 -08:00
caif	Revert "net: simplify sock_poll_wait"	2018-10-23 10:57:06 -07:00
can	can: raw: check for CAN FD capable netdev in raw_sendmsg()	2018-11-09 17:19:34 +01:00
ceph	libceph: fall back to sendmsg for slab pages	2018-11-19 17:59:47 +01:00
core	bpf: sk_msg, improve offset chk in _is_valid_access	2018-12-20 23:47:08 +01:00
dcb
dccp	net: Convert protocol error handlers from void to int	2018-11-08 17:13:08 -08:00
decnet	net/decnet: add missing indentation	2018-11-16 19:42:49 -08:00
dns_resolver
dsa	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-12-09 21:43:31 -08:00
ethernet	net: ethernet: provide nvmem_get_mac_address()	2018-12-03 15:40:30 -08:00
hsr
ieee802154
ife
ipv4	net: Add netif_is_gretap()/netif_is_ip6gretap()	2018-12-10 15:53:04 -08:00
ipv6	net: Add netif_is_gretap()/netif_is_ip6gretap()	2018-12-10 15:53:04 -08:00
iucv	iucv: Remove SKB list assumptions.	2018-11-10 16:55:11 -08:00
kcm
key
l2tp	l2tp: fix a sock refcnt leak in l2tp_tunnel_register	2018-11-14 22:49:31 -08:00
l3mdev	l3mdev: add function to retreive upper master	2018-12-03 14:15:26 -08:00
lapb
llc	llc: do not use sk_eat_skb()	2018-10-22 19:59:20 -07:00
mac80211	mac80211: ignore NullFunc frames in the duplicate detection	2018-12-05 12:34:49 +01:00
mac802154
mpls
ncsi	net/ncsi: Add NCSI Mellanox OEM command	2018-11-27 16:37:20 -08:00
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-11-28 22:10:54 -08:00
netlabel
netlink
netrom
nfc	Merge branch 'work.tty-ioctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2018-10-24 14:43:41 +01:00
nsh
openvswitch	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-12-09 21:43:31 -08:00
packet	packet: copy user buffers before orphan or clone	2018-11-23 11:08:03 -08:00
phonet
psample
qrtr
rds
rfkill
rose
rxrpc	rxrpc: Fix life check	2018-11-15 11:35:40 -08:00
sched	net/sched: Remove egdev mechanism	2018-12-10 15:54:34 -08:00
sctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-12-09 21:43:31 -08:00
smc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-11-24 17:01:43 -08:00
strparser
sunrpc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2018-12-09 21:43:31 -08:00
switchdev	switchdev: Replace port obj add/del SDO with a notification	2018-11-23 18:02:24 -08:00
tipc	tipc: fix node keep alive interval calculation	2018-12-05 20:52:31 -08:00
tls	bpf: helper to pop data from messages	2018-11-28 22:07:57 +01:00
unix	Revert "net: simplify sock_poll_wait"	2018-10-23 10:57:06 -07:00
vmw_vsock
wimax
wireless	cfg80211: Fix busy loop regression in ieee80211_ie_split_ric()	2018-12-05 12:51:29 +01:00
x25	net/x25: handle call collisions	2018-11-29 14:25:36 -08:00
xdp	xsk: simplify AF_XDP socket teardown	2018-12-19 21:45:17 +01:00
xfrm	Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2018-11-03 18:25:17 -07:00
compat.c
Kconfig
Makefile
socket.c	socket: do a generic_file_splice_read when proto_ops has no splice_read	2018-11-17 21:34:11 -08:00
sysctl_net.c