Inicio Explorar Axuda
Iniciar sesión
GfA
/
linux_kernel
5
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Merge branch 'bpf-test-prog-fixes'

I say:

====================
Fix some bpf program testing framework bugs

This series fixes two issue:

1) Accidental user pointer dereference in bpf_test_finish()

2) The packet data given to the test programs is not aligned correctly

The first issue is fixed simply because we have a kernel side copy
of the datastructure in question already.  And the second bug is
a simple matter of applying NET_IP_ALIGN where needed.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller %!s(int64=8) %!d(string=hai) anos
pai
4e9c3a6671 586f852597
achega
a481649e1c
Modificáronse 1 ficheiros con 10 adicións e 9 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 10 9
      net/bpf/test_run.c

+ 10 - 9
net/bpf/test_run.c
Ver ficheiro 

@@ -49,10 +49,11 @@ static u32 bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, u32 *time)
 
 	return ret;
 
 }
 
 
-static int bpf_test_finish(union bpf_attr __user *uattr, const void *data,
 
+static int bpf_test_finish(const union bpf_attr *kattr,
 
+			   union bpf_attr __user *uattr, const void *data,
 
 			   u32 size, u32 retval, u32 duration)
 
 {
 
-	void __user *data_out = u64_to_user_ptr(uattr->test.data_out);
 
+	void __user *data_out = u64_to_user_ptr(kattr->test.data_out);
 
 	int err = -EFAULT;
 
 
 	if (data_out && copy_to_user(data_out, data, size))
 
@@ -99,7 +100,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
 
 	void *data;
 
 	int ret;
 
 
-	data = bpf_test_init(kattr, size, NET_SKB_PAD,
 
+	data = bpf_test_init(kattr, size, NET_SKB_PAD + NET_IP_ALIGN,
 
 			     SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
 
 	if (IS_ERR(data))
 
 		return PTR_ERR(data);
 
@@ -124,7 +125,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
 
 		return -ENOMEM;
 
 	}
 
 
-	skb_reserve(skb, NET_SKB_PAD);
 
+	skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
 
 	__skb_put(skb, size);
 
 	skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev);
 
 	skb_reset_network_header(skb);
 
@@ -140,7 +141,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
 
 	/* bpf program can never convert linear skb to non-linear */
 
 	if (WARN_ON_ONCE(skb_is_nonlinear(skb)))
 
 		size = skb_headlen(skb);
 
-	ret = bpf_test_finish(uattr, skb->data, size, retval, duration);
 
+	ret = bpf_test_finish(kattr, uattr, skb->data, size, retval, duration);
 
 	kfree_skb(skb);
 
 	return ret;
 
 }
 
@@ -155,18 +156,18 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
 
 	void *data;
 
 	int ret;
 
 
-	data = bpf_test_init(kattr, size, XDP_PACKET_HEADROOM, 0);
 
+	data = bpf_test_init(kattr, size, XDP_PACKET_HEADROOM + NET_IP_ALIGN, 0);
 
 	if (IS_ERR(data))
 
 		return PTR_ERR(data);
 
 
 	xdp.data_hard_start = data;
 
-	xdp.data = data + XDP_PACKET_HEADROOM;
 
+	xdp.data = data + XDP_PACKET_HEADROOM + NET_IP_ALIGN;
 
 	xdp.data_end = xdp.data + size;
 
 
 	retval = bpf_test_run(prog, &xdp, repeat, &duration);
 
-	if (xdp.data != data + XDP_PACKET_HEADROOM)
 
+	if (xdp.data != data + XDP_PACKET_HEADROOM + NET_IP_ALIGN)
 
 		size = xdp.data_end - xdp.data;
 
-	ret = bpf_test_finish(uattr, xdp.data, size, retval, duration);
 
+	ret = bpf_test_finish(kattr, uattr, xdp.data, size, retval, duration);
 
 	kfree(data);
 
 	return ret;
 
 }