linux/kernel/bpf
Alexei Starovoitov 82abbf8d2f bpf: do not allow root to mangle valid pointers
Do not allow root to convert valid pointers into unknown scalars.
In particular disallow:
 ptr &= reg
 ptr <<= reg
 ptr += ptr
and explicitly allow:
 ptr -= ptr
since pkt_end - pkt == length

1.
This minimizes the amount of address leaks root can do.
In the future may need to further tighten the leaks with kptr_restrict.

2.
If program has such pointer math it's likely a user mistake and
when verifier complains about it right away instead of many instructions
later on invalid memory access it's easier for users to fix their progs.

3.
When register holding a pointer cannot change to scalar it allows JITs to
optimize better. Like 32-bit archs could use single register for pointers
instead of a pair required to hold 64-bit scalars.

4.
Reduces architecture dependent behavior. Since code:
r1 = r10;
r1 &= 0xff;
if (r1 ...)
will behave differently on arm64 vs x64 and offloaded vs native.

A significant chunk of ptr mangling was allowed by
commit f1174f77b5 ("bpf/verifier: rework value tracking")
yet some of it was allowed even earlier.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2017-12-21 02:26:29 +01:00
Makefile bpf: offload: add infrastructure for loading programs for a specific netdev 2017-11-05 22:26:18 +09:00
arraymap.c perf/bpf: Extend the perf_event_read_local() interface, a.k.a. "bpf: perf event change needed for subsequent bpf helpers" 2017-10-27 10:31:56 +02:00
bpf_lru_list.c bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4 2017-04-17 13:55:52 -04:00
bpf_lru_list.h bpf: Only set node->ref = 1 if it has not been set 2017-09-01 09:57:39 -07:00
cgroup.c bpf, cgroup: implement eBPF-based device controller for cgroup v2 2017-11-05 23:26:51 +09:00
core.c bpf: set maximum number of attached progs to 64 for a single perf tp 2017-12-01 02:56:10 +01:00
cpumap.c bpf: cpumap micro-optimization in cpu_map_enqueue 2017-11-02 16:13:14 +09:00
devmap.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-10-22 13:39:14 +01:00
disasm.c bpf: move instruction printing into a separate file 2017-10-10 12:30:16 -07:00
disasm.h bpf: move instruction printing into a separate file 2017-10-10 12:30:16 -07:00
hashtab.c bpf: add schedule points to map alloc/free 2017-12-12 15:27:22 -08:00
helpers.c bpf: rename ARG_PTR_TO_STACK 2017-01-09 16:56:27 -05:00
inode.c bpf: Add file mode configuration into bpf maps 2017-10-20 13:32:59 +01:00
lpm_trie.c bpf: Add file mode configuration into bpf maps 2017-10-20 13:32:59 +01:00
map_in_map.c bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
map_in_map.h bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
offload.c bpf: offload: add a license header 2017-11-27 22:24:51 +01:00
percpu_freelist.c bpf: fix lockdep splat 2017-11-15 19:46:32 +09:00
percpu_freelist.h bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
sockmap.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-02 15:23:39 +09:00
stackmap.c bpf: Add file mode configuration into bpf maps 2017-10-20 13:32:59 +01:00
syscall.c bpf: revert report offload info to user space 2017-11-21 00:37:35 +01:00
tnum.c bpf/verifier: track signed and unsigned min/max values 2017-08-08 17:51:34 -07:00
verifier.c bpf: do not allow root to mangle valid pointers 2017-12-21 02:26:29 +01:00