On Thu, May 10, 2018 at 9:28 AM Borislav Petkov wrote:
> As someone already pointed out on IRC, arch/x86/include/asm/cpufeature.h
> is solely a kernel header so nothing but kernel should include it. So
> forget the userspace breakage "argument".
For what it's worth, I have the same exact problem
On Wed, Apr 25, 2018 at 8:34 AM Daniel Borkmann
wrote:
> I've applied this fix to bpf tree, thanks Gianluca!
Thank you all for the quick review, really appreciated!
be safely translated into a 0xEB instruction with a jump offset
of -2.
Such fix brings the BPF program in the previous example to complete again
in ~9 passes.
Fixes: 2a5418a13fcf ("bpf: improve dead code sanitizing")
Signed-off-by: Gianluca Borello
---
Hi
Posting this as RFC since I
On Fri, Mar 2, 2018 at 12:42 PM, Alexei Starovoitov
wrote:
>
> good catch!
> I wonder why sched.h is using this flag instead of relying on #defines from
> autoconf.h
> It could have been using CONFIG_HAVE_CC_STACKPROTECTOR
> instead of CONFIG_CC_STACKPROTECTOR, no ?
>
Thanks for your reply Alexei
Hello,
While testing bpf-next, I noticed that I was reading garbage when
accessing some task_struct members, and the issue seems caused by the
recent commit 2bc2f688fdf8 ("Makefile: move stack-protector
availability out of Kconfig") which removes CONFIG_CC_STACKPROTECTOR
from autoconf.h.
When I c
first
test, without this fix instructions 16 and 17 are replaced with nops
instead of being rejected by the verifier.
The second test, instead, allows a program to make a potentially illegal
read from the stack.
Fixes: cc2b14d51053 ("bpf: teach verifier to recognize zero initialized stack"
On Tue, Nov 21, 2017 at 2:31 PM, Alexei Starovoitov
wrote:
>
> yeah sorry about this hack. Gianluca reported this issue as well.
> Yonghong fixed it for bpf_probe_read only. We will extend
> the fix to bpf_probe_read_str() and bpf_perf_event_output() asap.
> The above workaround gets too much into
ary since
strncpy_from_unsafe itself immediately returns if the size passed is 0.
Signed-off-by: Gianluca Borello
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann
---
kernel/trace/bpf_trace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/trace/bpf_trace
rf_event_output(ctx, &perf_map, 0, buf, len & 0x7fff);
No changes to the bpf_perf_event_output helper are necessary since it can
handle a case where size is 0, and an empty frame is pushed.
Reported-by: Arnaldo Carvalho de Melo
Signed-off-by: Gianluca Borello
Acked-by: Alexei Starovoitov
bpf_probe_read arg2 type to
ARG_CONST_SIZE_OR_ZERO")
Signed-off-by: Gianluca Borello
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann
Acked-by: Yonghong Song
---
kernel/trace/bpf_trace.c | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/kernel/trace/bpf_tr
battery of tests that explicitly test the
!ARG_PTR_TO_MEM_OR_NULL combination: all the current ones testing the
various variations are focused on bpf_csum_diff, so cover also
other helpers.
Signed-off-by: Gianluca Borello
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann
---
include/linux
for helpers that can receive a
tuple. By doing so, we can fix the semantics of the other helpers
that don't need and can just handle , allowing the code
to get rid of those checks.
Gianluca Borello (4):
bpf: introduce ARG_PTR_TO_MEM_OR_NULL
bpf: remove explicit handling of 0 for arg2 in bpf
ic void (*bpf_tail_call)(void *ctx, void *map, int index);
static int (*bpf_get_stackid)(void *ctx, void *map, int flags);
Fix this by removing the unused declaration of bpf_tail_call and moving
the declaration of bpf_get_stackid in bpf_trace.c, which is the only
place where it's needed.
Sig
de changes simply leverage the already existent
strncpy_from_unsafe() kernel function, which is safe to be called from a
bpf program as it is used in bpf_trace_printk().
Signed-off-by: Gianluca Borello
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann
---
include/uapi/linux/bpf.h | 15 +++