On 12/19/2017 05:15 AM, Alexei Starovoitov wrote:
> Do not allow root to convert valid pointers into unknown scalars.
> In particular disallow:
>  ptr &= reg
>  ptr <<= reg
>  ptr += ptr
> and explicitly allow:
>  ptr -= ptr
> since pkt_end - pkt == length
> 
> 1.
> This minimizes the amount of address leaks root can do.
> In the future may need to further tighten the leaks with kptr_restrict.
> 
> 2.
> If a program has such pointer math, it's likely a user mistake, and
> when the verifier complains about it right away instead of many instructions
> later on an invalid memory access, it's easier for users to fix their progs.
> 
> 3.
> When a register holding a pointer cannot change to a scalar, it allows JITs to
> optimize better. Like 32-bit archs could use single register for pointers
> instead of a pair required to hold 64-bit scalars.
> 
> 4.
> Reduces architecture-dependent behavior. Since code:
> r1 = r10;
> r1 &= 0xff;
> if (r1 ...)
> will behave differently arm64 vs x64 and offloaded vs native.
> 
> A significant chunk of ptr mangling was allowed by
> commit f1174f77b50c ("bpf/verifier: rework value tracking")
> yet some of it was allowed even earlier.
> 
> Signed-off-by: Alexei Starovoitov <a...@kernel.org>

Series applied to bpf tree, thanks Alexei!
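The type-tracking rule the commit message describes can be illustrated with a small model of how a verifier classifies each register as a pointer or a scalar and decides which ALU operations keep that classification. The following is an added example written for this thread; it is not kernel code and does not reproduce the verifier's implementation. The `Kind` enum, `alu_result`, `verify`, and the register file `INITIAL` are all constructed here, and the rules encoded are only the ones the quoted message states (`ptr -= ptr` yields a scalar, `ptr &= reg`, `ptr <<= reg` and `ptr += ptr` are rejected, plain `ptr += scalar` offsets remain pointers).

```python
"""Toy model of eBPF-verifier-style pointer/scalar type tracking for ALU ops.

Constructed for illustration in this thread; it does not use or mirror the
kernel's verifier code. Register types are collapsed to two kinds.
"""
from enum import Enum


class Kind(Enum):
    PTR = "pointer"
    SCALAR = "scalar"


class VerifierError(Exception):
    """Raised where a verifier following the stated rules would reject the program."""


def alu_result(op: str, dst: Kind, src: Kind) -> Kind:
    """Type of dst after `dst op= src`, or VerifierError if the op is rejected.

    Rules modeled (taken from the commit message, not from kernel source):
      ptr -= ptr                    -> scalar  (pkt_end - pkt == length)
      ptr += scalar, ptr -= scalar  -> ptr     (ordinary offset arithmetic)
      ptr &= reg, ptr <<= reg, ptr += ptr, ... -> rejected
      scalar op scalar              -> scalar
    """
    if dst is Kind.PTR and src is Kind.PTR:
        if op == "-":
            return Kind.SCALAR
        raise VerifierError(f"pointer {op}= pointer is prohibited")
    if dst is Kind.PTR:
        if op in ("+", "-"):
            return Kind.PTR
        raise VerifierError(
            f"pointer {op}= scalar would turn a pointer into an unknown scalar")
    if src is Kind.PTR:
        if op == "+":
            return Kind.PTR  # scalar += ptr is just ptr += scalar
        raise VerifierError(f"scalar {op}= pointer is prohibited")
    return Kind.SCALAR


def verify(program, regs):
    """Walk a list of (op, dst, src) instructions over a register map.

    src is a register name or an immediate (int). Returns (ok, message).
    Reporting the instruction index is what lets a user fix the program
    right where the mistake is, instead of at a later invalid memory access.
    """
    regs = dict(regs)  # do not mutate the caller's register file
    for idx, (op, dst, src) in enumerate(program):
        src_kind = Kind.SCALAR if isinstance(src, int) else regs[src]
        if op == "mov":
            regs[dst] = src_kind  # r1 = r10 copies the pointer type
            continue
        try:
            regs[dst] = alu_result(op, regs[dst], src_kind)
        except VerifierError as e:
            return False, f"insn {idx}: R{dst[1:]} {e}"
    return True, "ok"


# Constructed register file: r10 is the frame pointer, r2/r3 packet pointers
INITIAL = {"r1": Kind.SCALAR, "r2": Kind.PTR, "r3": Kind.PTR, "r10": Kind.PTR}

# r1 = r10; r1 &= 0xff  -- rejected at the &= instruction (case 4 in the message)
MASK_FP = [("mov", "r1", "r10"), ("&", "r1", 0xff)]
# r3 -= r2 (pkt_end - pkt) -- allowed, yields the packet length as a scalar
PKT_LEN = [("-", "r3", "r2")]
# r2 += r3 -- pointer + pointer, rejected
PTR_PLUS_PTR = [("+", "r2", "r3")]
# r2 += 8 -- normal offset, allowed and r2 stays a pointer
OFFSET = [("+", "r2", 8)]

if __name__ == "__main__":
    for name, prog in [("mask_fp", MASK_FP), ("pkt_len", PKT_LEN),
                       ("ptr_plus_ptr", PTR_PLUS_PTR), ("offset", OFFSET)]:
        print(name, verify(prog, INITIAL))
```

Running the script shows `mask_fp` and `ptr_plus_ptr` rejected at the offending instruction index while `pkt_len` and `offset` pass, which is the "complain right away" behaviour the message argues for; the real verifier tracks far more state (bounds, offsets, pointer sub-types), so this model only captures the pointer-versus-scalar decision.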
