From patchwork Sat May 18 02:57:37 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 244728 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id B84D62C0095 for ; Sat, 18 May 2013 12:57:43 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758546Ab3ERC5j (ORCPT ); Fri, 17 May 2013 22:57:39 -0400 Received: from mail-da0-f46.google.com ([209.85.210.46]:37702 "EHLO mail-da0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758543Ab3ERC5j (ORCPT ); Fri, 17 May 2013 22:57:39 -0400 Received: by mail-da0-f46.google.com with SMTP id e20so418822dak.19 for ; Fri, 17 May 2013 19:57:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:subject:from:to:cc:date:content-type:x-mailer :content-transfer-encoding:mime-version; bh=WaweMhyVlhQCQ7ra+H/LUMKjeoT2+p9YGeDua1jM+6k=; b=ZfGb+WJPt+Sze317QBZqIw6/VDqKQMHTjcjj3uD0BcNuiVcjg6RYe0uDRrkfZAqTc1 2WaOm3FvI3cz+L2IkQ4NYQqz5qAk8muko6Q1KNdSsz+lAoBAVWhQ3yiTEeSjZJfX13AE 24FYBDej8pMId/le+2yl5ckDJrK94E5VXF/K/bekDLypOtzuhBrqNbB4RVaT1DzV03sH Khik4CobMacKEtq3eRGqjqm8LL3X+O2rYsG5/r3+JPm31osajiproPvoL14sGZ+kE6vC yfWUnppOnaxKWnHaKEIvxDts2/DIFOlJf5FmblNuHtgewjdZODZR57UixXzhykajoLLt u2cQ== X-Received: by 10.68.130.34 with SMTP id ob2mr51846105pbb.134.1368845858508; Fri, 17 May 2013 19:57:38 -0700 (PDT) Received: from [172.26.54.178] ([172.26.54.178]) by mx.google.com with ESMTPSA id wi6sm13596140pbc.22.2013.05.17.19.57.37 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Fri, 17 May 2013 19:57:37 -0700 (PDT) Message-ID: <1368845857.3301.148.camel@edumazet-glaptop> Subject: [PATCH net-next] filter: do not output bpf image address for security reason From: Eric Dumazet To: David Miller Cc: netdev , Ben Hutchings , Daniel Borkmann Date: Fri, 17 May 2013 19:57:37 -0700 X-Mailer: Evolution 3.2.3-0ubuntu6 Mime-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Eric Dumazet Do not leak starting address of BPF JIT code for non root users, as it might help intruders to perform an attack. Signed-off-by: Eric Dumazet Cc: Ben Hutchings Cc: Daniel Borkmann --- v2: use %pK as Ben suggestion include/linux/filter.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/include/linux/filter.h b/include/linux/filter.h index c050dcc..56a6b7f 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -58,10 +58,10 @@ extern void bpf_jit_free(struct sk_filter *fp); static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, u32 pass, void *image) { - pr_err("flen=%u proglen=%u pass=%u image=%p\n", + pr_err("flen=%u proglen=%u pass=%u image=%pK\n", flen, proglen, pass, image); if (image) - print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_ADDRESS, + print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, 16, 1, image, proglen, false); } #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns)