On Wed, Oct 24, 2018 at 1:06 PM Daniel Borkmann <[email protected]> wrote:
>
> Given this seems to be quite fragile and can easily slip through the
> cracks, lets make direct packet write more robust by requiring that
> future program types which allow for such write must provide a prologue
> callback. In case of XDP and sk_msg it's noop, thus add a generic noop
> handler there. The latter starts out with NULL data/data_end unconditionally
> when sg pages are shared.
>
> Signed-off-by: Daniel Borkmann <[email protected]>
> Acked-by: Alexei Starovoitov <[email protected]>
> ---
> kernel/bpf/verifier.c | 6 +++++-
> net/core/filter.c | 11 +++++++++++
> 2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 5fc9a65..171a2c8 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -5709,7 +5709,11 @@ static int convert_ctx_accesses(struct
> bpf_verifier_env *env)
> bool is_narrower_load;
> u32 target_size;
>
> - if (ops->gen_prologue) {
> + if (ops->gen_prologue || env->seen_direct_write) {
> + if (!ops->gen_prologue) {
> + verbose(env, "bpf verifier is misconfigured\n");
> + return -EINVAL;
> + }
nit: how about this?
diff --git i/kernel/bpf/verifier.c w/kernel/bpf/verifier.c
index 6fbe7a8afed7..d35078024e35 100644
--- i/kernel/bpf/verifier.c
+++ w/kernel/bpf/verifier.c
@@ -5286,6 +5286,11 @@ static int convert_ctx_accesses(struct
bpf_verifier_env *env)
bool is_narrower_load;
u32 target_size;
+ if (!ops->gen_prologue && env->seen_direct_write) {
+ verbose(env, "bpf verifier is misconfigured\n");
+ return -EINVAL;
+ }
+
if (ops->gen_prologue) {
cnt = ops->gen_prologue(insn_buf, env->seen_direct_write,
env->prog);
