Message ID | 1368833499.3301.126.camel@edumazet-glaptop |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
On Fri, 2013-05-17 at 16:31 -0700, Eric Dumazet wrote: > Do not leak starting address of BPF JIT code, as it might help > intruders to perform an attack. [] > diff --git a/include/linux/filter.h b/include/linux/filter.h [] > @@ -58,10 +58,11 @@ extern void bpf_jit_free(struct sk_filter *fp); > static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, > u32 pass, void *image) > { > - pr_err("flen=%u proglen=%u pass=%u image=%p\n", > - flen, proglen, pass, image); > + /* Do not output address (image) for security reason */ > + pr_err("flen=%u proglen=%u pass=%u image=10\n", > + flen, proglen, pass); [] Are stable equivalents for versions before commit 79617801ea0 necessary? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 2013-05-17 at 16:42 -0700, Joe Perches wrote: > Are stable equivalents for versions before commit 79617801ea0 > necessary? > I do not think so. In order to get these messages printed, the admin had to specifically do echo 2 >/proc/sys/net/core/bpf_jit_enable And quite frankly I doubt anybody would need to do such thing, but netdev guys writing/patching BPF JIT And even with these messages printed, you need some bug in the kernel allowing an exploit. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 2013-05-17 at 16:31 -0700, Eric Dumazet wrote: > From: Eric Dumazet <edumazet@google.com> > > Do not leak starting address of BPF JIT code, as it might help > intruders to perform an attack. > > Signed-off-by: Eric Dumazet <edumazet@google.com> > Cc: Daniel Borkmann <dborkman@redhat.com> > --- > include/linux/filter.h | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/include/linux/filter.h b/include/linux/filter.h > index c050dcc..08cda1c 100644 > --- a/include/linux/filter.h > +++ b/include/linux/filter.h > @@ -58,10 +58,11 @@ extern void bpf_jit_free(struct sk_filter *fp); > static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, > u32 pass, void *image) > { > - pr_err("flen=%u proglen=%u pass=%u image=%p\n", > - flen, proglen, pass, image); > + /* Do not output address (image) for security reason */ > + pr_err("flen=%u proglen=%u pass=%u image=10\n", Not "%pK"? Ben. > + flen, proglen, pass); > if (image) > - print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_ADDRESS, > + print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, > 16, 1, image, proglen, false); > } > #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns)
From: Ben Hutchings <bhutchings@solarflare.com> Date: Sat, 18 May 2013 02:11:18 +0100 > On Fri, 2013-05-17 at 16:31 -0700, Eric Dumazet wrote: >> @@ -58,10 +58,11 @@ extern void bpf_jit_free(struct sk_filter *fp); >> static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, >> u32 pass, void *image) >> { >> - pr_err("flen=%u proglen=%u pass=%u image=%p\n", >> - flen, proglen, pass, image); >> + /* Do not output address (image) for security reason */ >> + pr_err("flen=%u proglen=%u pass=%u image=10\n", > > Not "%pK"? Yes, that's the acceptable way to deal with this issue. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Sat, 2013-05-18 at 02:11 +0100, Ben Hutchings wrote: > Not "%pK"? > Yes, thanks for the suggestion. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/filter.h b/include/linux/filter.h index c050dcc..08cda1c 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -58,10 +58,11 @@ extern void bpf_jit_free(struct sk_filter *fp); static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, u32 pass, void *image) { - pr_err("flen=%u proglen=%u pass=%u image=%p\n", - flen, proglen, pass, image); + /* Do not output address (image) for security reason */ + pr_err("flen=%u proglen=%u pass=%u image=10\n", + flen, proglen, pass); if (image) - print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_ADDRESS, + print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, 16, 1, image, proglen, false); } #define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns)