On Tue, Jul 19, 2016 at 12:16:56PM -0700, Brenden Blanco wrote:
> For forwarding to be effective, XDP programs should be allowed to
> rewrite packet data.
>
> This requires that the drivers supporting XDP must all map the packet
> memory as TODEVICE or BIDIRECTIONAL before invoking the program.
>
> Signed-off-by: Brenden Blanco <bbla...@plumgrid.com>
> ---
> kernel/bpf/verifier.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index a8d67d0..f72f23b 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -653,6 +653,16 @@ static int check_map_access(struct verifier_env *env,
> u32 regno, int off,
>
> #define MAX_PACKET_OFF 0xffff
>
> +static bool may_write_pkt_data(enum bpf_prog_type type)
> +{
> + switch (type) {
> + case BPF_PROG_TYPE_XDP:
> + return true;
> + default:
> + return false;
> + }
> +}
> +
> static int check_packet_access(struct verifier_env *env, u32 regno, int off,
> int size)
> {
> @@ -806,10 +816,15 @@ static int check_mem_access(struct verifier_env *env,
> u32 regno, int off,
> err = check_stack_read(state, off, size, value_regno);
> }
> } else if (state->regs[regno].type == PTR_TO_PACKET) {
> - if (t == BPF_WRITE) {
> + if (t == BPF_WRITE && !may_write_pkt_data(env->prog->type)) {
> verbose("cannot write into packet\n");
> return -EACCES;
> }
> + if (t == BPF_WRITE && value_regno >= 0 &&
> + is_pointer_value(env, value_regno)) {
> + verbose("R%d leaks addr into packet\n", value_regno);
> + return -EACCES;
> + }
Like this extra security check :) though it's arguably overkill.
Acked-by: Alexei Starovoitov <a...@kernel.org>
