https://bugs.dpdk.org/show_bug.cgi?id=298
Bug ID: 298
Summary: BPF: eval_call() is messing bounds of return types
different of RTE_BPF_ARG_RAW
Product: DPDK
Version: 19.08
Hardware: All
OS: All
Status: CONFIRMED
Severity: normal
Priority: Normal
Component: other
Assignee: dev@dpdk.org
Reporter: mic...@digirati.com.br
Target Milestone: ---
Created attachment 42
--> https://bugs.dpdk.org/attachment.cgi?id=42&action=edit
Patch eval_call() in lib/librte_bpf/bpf_validate.c
eval_call() in lib/librte_bpf/bpf_validate.c calls eval_max_bound() on the BPF
return value for all types. This makes the verifier fails when a BPF helper
function returns a pointer that is later dereferenced. The error message when
this happens should be similar to this one: evaluate: memory boundary violation
at pc: 7.
evaluate() in the same file only calls eval_max_bound() on the parameter of the
BPF program when its type is RTE_BPF_ARG_RAW. Based on this knowledge, I tested
the attached patch and it works. But I'm not knowledgable enough on librte_bpf
to know if this is the correct way to solve this problem.
--
You are receiving this mail because:
You are the assignee for the bug.
