X-Patchwork-Id: 998940
From: Lorenz Bauer
To: ast@kernel.org, daniel@iogearbox.net
Cc: netdev@vger.kernel.org, linux-api@vger.kernel.org, Lorenz Bauer
Subject: [PATCH 0/3] Fix unsafe BPF_PROG_TEST_RUN interface
Date: Fri, 16 Nov 2018 12:53:26 +0000
Message-Id: <20181116125329.3974-1-lmb@cloudflare.com>

Right now, there is no safe way to use BPF_PROG_TEST_RUN with data_out.
This is because bpf_test_finish copies the output buffer to user space
without checking its size. This can lead to the kernel overwriting
data in user space after the buffer if xdp_adjust_head and friends are
in play.

Fix this by using bpf_attr.test.data_size_out as a size hint. The old
behaviour is retained if size_hint is zero.

Interestingly, do_test_single() in test_verifier.c already assumes
that this is the intended use of data_size_out, and sets it to the
output buffer size.

Lorenz Bauer (3):
  bpf: respect size hint to BPF_PROG_TEST_RUN if present
  libbpf: require size hint in bpf_prog_test_run
  selftests: add a test for bpf_prog_test_run output size

 net/bpf/test_run.c                       |  9 ++++-
 tools/lib/bpf/bpf.c                      |  4 ++-
 tools/testing/selftests/bpf/test_progs.c | 44 ++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 2 deletions(-)
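
A user-space model of the copy-out problem the cover letter describes, added here as an illustration; it is not code from this patch series or from the kernel. The struct, the function names, the -ENOSPC return and the reported length are assumptions of this example, and the buffer and packet sizes are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 16   /* caller's output buffer (constructed size) */
#define PKT_LEN 24   /* packet after the program grew it by 8 bytes */

/* Hypothetical stand-in for the test-run fields of bpf_attr. */
struct test_attr {
    unsigned char *data_out;  /* caller's output buffer */
    size_t data_size_out;     /* in: size hint, 0 = old behaviour; out: packet length */
};

/* Model of the copy-out step: clamp the copy to the hint when one is given. */
static int model_test_finish(struct test_attr *attr, const unsigned char *pkt, size_t len)
{
    size_t copy = len;
    int err = 0;
    if (attr->data_size_out && copy > attr->data_size_out) {
        copy = attr->data_size_out;
        err = -ENOSPC;  /* assumption: how this model signals truncation */
    }
    memcpy(attr->data_out, pkt, copy);
    attr->data_size_out = len;  /* assumption: report the full packet length */
    return err;
}

/* Runs one case and returns how many bytes past the buffer were overwritten. */
static size_t run_case(size_t hint, size_t *reported, int *err)
{
    unsigned char arena[BUF_LEN + 32], pkt[PKT_LEN];  /* buffer, then canary bytes */
    struct test_attr attr = { arena, hint };
    size_t i, clobbered = 0;
    memset(arena, 0xAA, sizeof(arena));
    memset(pkt, 0x42, sizeof(pkt));
    *err = model_test_finish(&attr, pkt, sizeof(pkt));
    *reported = attr.data_size_out;
    for (i = BUF_LEN; i < sizeof(arena); i++)
        clobbered += (arena[i] != 0xAA);
    return clobbered;
}

int main(void)
{
    size_t rep; int err;
    printf("no hint: %zu bytes past buffer\n", run_case(0, &rep, &err));
    printf("hint %d: %zu bytes past buffer\n", BUF_LEN, run_case(BUF_LEN, &rep, &err));
    return 0;
}
```

With a zero hint the model copies all 24 bytes and overwrites the 8 canary bytes after the 16-byte buffer; with the hint set to the buffer size the copy stops at the buffer's end.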