From: Daniel Borkmann
Date: Thu, 29 Jun 2017 03:04:59 +0200
> Leaking kernel addresses on unpriviledged is generally disallowed,
> for example, verifier rejects the following:
>
> 0: (b7) r0 = 0
> 1: (18) r2 = 0x897e82304400
> 3: (7b) *(u64 *)(r1 +48) = r2
> R2 leaks addr into ctx
>
On 29/06/17 02:04, Daniel Borkmann wrote:
> Leaking kernel addresses on unpriviledged is generally disallowed,
> for example, verifier rejects the following:
>
> 0: (b7) r0 = 0
> 1: (18) r2 = 0x897e82304400
> 3: (7b) *(u64 *)(r1 +48) = r2
> R2 leaks addr into ctx
>
> Doing pointer arith
On Thu, Jun 29, 2017 at 03:04:59AM +0200, Daniel Borkmann wrote:
> Leaking kernel addresses on unpriviledged is generally disallowed,
> for example, verifier rejects the following:
>
> 0: (b7) r0 = 0
> 1: (18) r2 = 0x897e82304400
> 3: (7b) *(u64 *)(r1 +48) = r2
> R2 leaks addr into ctx
On 6/28/17 6:04 PM, Daniel Borkmann wrote:
Prevent this by checking xadd src reg for pointer types. Also
add a couple of test cases related to this.
Fixes: 1be7f75d1668 ("bpf: enable non-root eBPF programs")
Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
Signed-off-by: Daniel Borkmann
Leaking kernel addresses on unpriviledged is generally disallowed,
for example, verifier rejects the following:
0: (b7) r0 = 0
1: (18) r2 = 0x897e82304400
3: (7b) *(u64 *)(r1 +48) = r2
R2 leaks addr into ctx
Doing pointer arithmetic on them is also forbidden, so that they
don't turn i
