authorDaniel Borkmann <daniel@iogearbox.net>2018-11-30 19:18:53 -0500
committerAlexei Starovoitov <ast@kernel.org>2018-11-30 20:04:35 -0500
commitb7df9ada9a7700dbcca1ba53d217c01e3d48179c (patch)
treeae0094e40a2e96aa1769113c1cbc6ba1c693fc04 /net
parentc01ac66b38660f2b507ccd0b75d28e3002d56fbb (diff)
bpf: fix pointer offsets in context for 32 bit
Currently, pointer offsets in three BPF context structures are broken in two scenarios: i) 32 bit compiled applications running on 64 bit kernels, and ii) LLVM compiled BPF programs running on 32 bit kernels. The latter is due to BPF target machine being strictly 64 bit. So in each of the cases the offsets will mismatch in verifier when checking / rewriting context access. Fix this by providing a helper macro __bpf_md_ptr() that will enforce padding up to 64 bit and proper alignment, and for context access a macro bpf_ctx_range_ptr() which will cover full 64 bit member range on 32 bit archs. For flow_keys, we additionally need to force the size check to sizeof(__u64) as with other pointer types. Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook") Fixes: 4f738adba30a ("bpf: create tcp_bpf_ulp allowing BPF to monitor socket TX/RX data") Fixes: 2dbb9b9e6df6 ("bpf: Introduce BPF_PROG_TYPE_SK_REUSEPORT") Reported-by: David S. Miller <davem@davemloft.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: David S. Miller <davem@davemloft.net> Tested-by: David S. Miller <davem@davemloft.net> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'net')
-rw-r--r--net/core/filter.c16
1 files changed, 8 insertions, 8 deletions
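diff --git a/net/core/filter.c b/net/core/filter.c
index 9a1327eb25fa..6ee605da990f 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5435,8 +5435,8 @@ static bool bpf_skb_is_valid_access(int off, int size, enum bpf_access_type type
 if (size != size_default)
 return false;
 break;
-case bpf_ctx_range(struct __sk_buff, flow_keys):
-if (size != sizeof(struct bpf_flow_keys *))
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
+if (size != sizeof(__u64))
 return false;
 break;
 default:
@@ -5464,7 +5464,7 @@ static bool sk_filter_is_valid_access(int off, int size,
 case bpf_ctx_range(struct __sk_buff, data):
 case bpf_ctx_range(struct __sk_buff, data_meta):
 case bpf_ctx_range(struct __sk_buff, data_end):
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
 return false;
 }
@@ -5489,7 +5489,7 @@ static bool cg_skb_is_valid_access(int off, int size,
 switch (off) {
 case bpf_ctx_range(struct __sk_buff, tc_classid):
 case bpf_ctx_range(struct __sk_buff, data_meta):
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 return false;
 case bpf_ctx_range(struct __sk_buff, data):
 case bpf_ctx_range(struct __sk_buff, data_end):
@@ -5530,7 +5530,7 @@ static bool lwt_is_valid_access(int off, int size,
 case bpf_ctx_range(struct __sk_buff, tc_classid):
 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
 case bpf_ctx_range(struct __sk_buff, data_meta):
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 return false;
 }
 
@@ -5756,7 +5756,7 @@ static bool tc_cls_act_is_valid_access(int off, int size,
 case bpf_ctx_range(struct __sk_buff, data_end):
 info->reg_type = PTR_TO_PACKET_END;
 break;
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 case bpf_ctx_range_till(struct __sk_buff, family, local_port):
 return false;
 }
@@ -5958,7 +5958,7 @@ static bool sk_skb_is_valid_access(int off, int size,
 switch (off) {
 case bpf_ctx_range(struct __sk_buff, tc_classid):
 case bpf_ctx_range(struct __sk_buff, data_meta):
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 return false;
 }
 
@@ -6039,7 +6039,7 @@ static bool flow_dissector_is_valid_access(int off, int size,
 case bpf_ctx_range(struct __sk_buff, data_end):
 info->reg_type = PTR_TO_PACKET_END;
 break;
-case bpf_ctx_range(struct __sk_buff, flow_keys):
+case bpf_ctx_range_ptr(struct __sk_buff, flow_keys):
 info->reg_type = PTR_TO_FLOW_KEYS;
 break;
 case bpf_ctx_range(struct __sk_buff, tc_classid):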
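Review bot: The `if (size != sizeof(__u64))` check at new line 5439 in bpf_skb_is_valid_access carries no comment explaining why it no longer uses the pointer size, which makes it the line a later cleanup is most likely to turn back into `sizeof(struct bpf_flow_keys *)`. I would put `/* flow_keys is a __bpf_md_ptr() member: 64 bit wide in the BPF view of the context, also on 32 bit kernels */` above it. The same invariant is now spread over the `bpf_ctx_range_ptr()` labels in sk_filter_, cg_skb_, lwt_, tc_cls_act_, sk_skb_ and flow_dissector_is_valid_access; in the five that `return false`, the deny list on 32 bit depends on that macro covering the padded upper half of the slot, so a future pointer member added with plain `bpf_ctx_range()` would presumably leave four bytes of context outside the list. A one-line note to that effect next to the macro definition would help, but the definitions, and the alignment check that the size test relies on, are outside this diff and should be confirmed there. All seven functions begin and end outside their hunks.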