提交 a481649e 编写于 作者: D David S. Miller

Merge branch 'bpf-test-prog-fixes'

I say:

====================
Fix some bpf program testing framework bugs

This series fixes two issue:

1) Accidental user pointer dereference in bpf_test_finish()

2) The packet data given to the test programs is not aligned correctly

The first issue is fixed simply because we have a kernel side copy
of the datastructure in question already.  And the second bug is
a simple matter of applying NET_IP_ALIGN where needed.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
...@@ -49,10 +49,11 @@ static u32 bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, u32 *time) ...@@ -49,10 +49,11 @@ static u32 bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat, u32 *time)
return ret; return ret;
} }
static int bpf_test_finish(union bpf_attr __user *uattr, const void *data, static int bpf_test_finish(const union bpf_attr *kattr,
union bpf_attr __user *uattr, const void *data,
u32 size, u32 retval, u32 duration) u32 size, u32 retval, u32 duration)
{ {
void __user *data_out = u64_to_user_ptr(uattr->test.data_out); void __user *data_out = u64_to_user_ptr(kattr->test.data_out);
int err = -EFAULT; int err = -EFAULT;
if (data_out && copy_to_user(data_out, data, size)) if (data_out && copy_to_user(data_out, data, size))
...@@ -99,7 +100,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, ...@@ -99,7 +100,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
void *data; void *data;
int ret; int ret;
data = bpf_test_init(kattr, size, NET_SKB_PAD, data = bpf_test_init(kattr, size, NET_SKB_PAD + NET_IP_ALIGN,
SKB_DATA_ALIGN(sizeof(struct skb_shared_info))); SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
if (IS_ERR(data)) if (IS_ERR(data))
return PTR_ERR(data); return PTR_ERR(data);
...@@ -124,7 +125,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, ...@@ -124,7 +125,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
return -ENOMEM; return -ENOMEM;
} }
skb_reserve(skb, NET_SKB_PAD); skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
__skb_put(skb, size); __skb_put(skb, size);
skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev); skb->protocol = eth_type_trans(skb, current->nsproxy->net_ns->loopback_dev);
skb_reset_network_header(skb); skb_reset_network_header(skb);
...@@ -140,7 +141,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr, ...@@ -140,7 +141,7 @@ int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
/* bpf program can never convert linear skb to non-linear */ /* bpf program can never convert linear skb to non-linear */
if (WARN_ON_ONCE(skb_is_nonlinear(skb))) if (WARN_ON_ONCE(skb_is_nonlinear(skb)))
size = skb_headlen(skb); size = skb_headlen(skb);
ret = bpf_test_finish(uattr, skb->data, size, retval, duration); ret = bpf_test_finish(kattr, uattr, skb->data, size, retval, duration);
kfree_skb(skb); kfree_skb(skb);
return ret; return ret;
} }
...@@ -155,18 +156,18 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr, ...@@ -155,18 +156,18 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
void *data; void *data;
int ret; int ret;
data = bpf_test_init(kattr, size, XDP_PACKET_HEADROOM, 0); data = bpf_test_init(kattr, size, XDP_PACKET_HEADROOM + NET_IP_ALIGN, 0);
if (IS_ERR(data)) if (IS_ERR(data))
return PTR_ERR(data); return PTR_ERR(data);
xdp.data_hard_start = data; xdp.data_hard_start = data;
xdp.data = data + XDP_PACKET_HEADROOM; xdp.data = data + XDP_PACKET_HEADROOM + NET_IP_ALIGN;
xdp.data_end = xdp.data + size; xdp.data_end = xdp.data + size;
retval = bpf_test_run(prog, &xdp, repeat, &duration); retval = bpf_test_run(prog, &xdp, repeat, &duration);
if (xdp.data != data + XDP_PACKET_HEADROOM) if (xdp.data != data + XDP_PACKET_HEADROOM + NET_IP_ALIGN)
size = xdp.data_end - xdp.data; size = xdp.data_end - xdp.data;
ret = bpf_test_finish(uattr, xdp.data, size, retval, duration); ret = bpf_test_finish(kattr, uattr, xdp.data, size, retval, duration);
kfree(data); kfree(data);
return ret; return ret;
} }
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册