Received: by 2002:a4a:311b:0:0:0:0:0 with SMTP id k27-v6csp4285305ooa; Tue, 14 Aug 2018 04:01:52 -0700 (PDT) X-Google-Smtp-Source: AA+uWPzR5dROwYfRiV3JtsuaaznIEQndsYSRrMFkqYQq2EA7n6cLm+NJkk5l0kPENmti59VqY69w X-Received: by 2002:a63:8b44:: with SMTP id j65-v6mr20744209pge.248.1534244512240; Tue, 14 Aug 2018 04:01:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534244512; cv=none; d=google.com; s=arc-20160816; b=zvRtPuTPavJUdjYlfRgqqWeP2mpCYCQU+jjb57n4359m44PnpahVgHHnEM8k+XRBsr Nl3nwO5p8jQiAHVbeSxRfJ5H+pRRZFga8aGpsWM72aUWCp8UTfMGgxflnSUpnpQye55z S5nHmd17Cwr43XSpHDJFDyLTosW0/cDBfnhemhz2OUr0tdS2mc7JjJFETVqMOn8tDP87 djZnRalXrR28Wah795kardn1c2hQleRP61SE0V54jwm4Scx2k1J5c1ETxoBfduAGeJNL tJA53cIB7BatcXbjPkEiEzc8R5bgG/ZlgtDPjQ5H0RmCYUpXD53BbdPKC6Ppy45ApPa8 EXPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=S1/MEc2EWEtzyF5jb4PohyzRqaV0OpMdAfnac0ugAQE=; b=tqq7sXleqwrWdfwh7/qdg/Evy3BslS1kOjxo+rGZuyFVa9/ygnlz9tuCvvI122B0sh Z//g7hZe3IwrGOwF3wUQE8QRYIxScueWyUSYVBLLrEnbxZ+rzFei9zl1oBbrcLYyZkzk rPgn6KL5s4utTaTH9L2/Ac5cXij6rIAIUagHLRtnu+Ua56kUXT/vLLocVp/v69CouqDt 3rnCnQ8io4Q7S6BXpZ999eRqyUf5q302bmr4MI+wSMX9XSQlIIUAAwo45xSQJMN0rwE0 UvFDqK5nkp75P7fNC6GllbRY3qviZVxMQuKWUNVkPespffApTJX3uHNHbgpKUuP0b/Zm Vg+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=sXz+0ItS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=cloudflare.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a4-v6si11834331pff.1.2018.08.14.04.01.36; Tue, 14 Aug 2018 04:01:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=sXz+0ItS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731360AbeHNNqH (ORCPT + 99 others); Tue, 14 Aug 2018 09:46:07 -0400 Received: from mail-oi0-f68.google.com ([209.85.218.68]:32897 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728314AbeHNNqH (ORCPT ); Tue, 14 Aug 2018 09:46:07 -0400 Received: by mail-oi0-f68.google.com with SMTP id 8-v6so32833615oip.0 for ; Tue, 14 Aug 2018 03:59:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=S1/MEc2EWEtzyF5jb4PohyzRqaV0OpMdAfnac0ugAQE=; b=sXz+0ItSxAeJJEykDdUUPml0pt59+xP8cw2yblfyjrA/UHVPL9ePDDHdglfNd9la93 TLfwEdN4+KngydLWC27OuewQmFL94dzCJGKJK5o0po6KexRiqz2Upnmo3jH1sIaYexGi b5ppcr8QC1V+8wCmoOfrBTUGIqcaGy8zxfa8U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=S1/MEc2EWEtzyF5jb4PohyzRqaV0OpMdAfnac0ugAQE=; b=Ov9ORalrhBfxHxbeYoDzbIFK13w/AXS3ociDK21fmRVTqCg5+MpWlsH03PIdcPfacH Q14trGYJUUikdVnnRR43Qmv3K+gqSqFBf7u1kbYkG7sd+MtH4Ap44TPcLFACnlGLmLyk ICn/FuqvT0lUPmxFQM2LbSx8Fi6YBOaEk/oCoYB6SeRCLjLrjG7c/of5uXBorI/u0g+v /CCRp3DHAFh/47aWXXe3NYUsy/NRxXSQHOjkgMUDwGA4Q+qSZBT+c8irIR9ggFW9ZjHU SEsOnSXjFHAc2k5K2BuQOyUpqrastfAvK3xqBAXtdU0Rerhn694pKHzt+gR2d2QAwcdb RzYQ== X-Gm-Message-State: AOUpUlEUkBPl2+cfgLt1wyIvtQRJhfHWoLxsjHCJzumPfB2sTRcBSj69 gqPNYj+UbrYpCqYNIqJrAhZILLAqkICf0SAItx02cg== X-Received: by 2002:aca:e6d4:: with SMTP id d203-v6mr20714269oih.311.1534244367657; Tue, 14 Aug 2018 03:59:27 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:16b8:0:0:0:0:0 with HTTP; Tue, 14 Aug 2018 03:59:27 -0700 (PDT) In-Reply-To: References: From: Lorenz Bauer Date: Tue, 14 Aug 2018 11:59:27 +0100 Message-ID: Subject: Re: PROBLEM: Using BPF_PROG_TEST_RUN with data_out != NULL is unsafe To: Daniel Borkmann Cc: ast@kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sorry for the late reply. On 4 April 2018 at 11:01, Daniel Borkmann wrote: > In case you point data_in and data_out to the same address, then the total buffer size therefore has to be > attr.test.data_size_in + 256 in order to not overrun anything while not being > aware of the BPF test program. The XDP_PACKET_HEADROOM is exposed to user space > in linux/bpf.h. Would it be possible to extend the API of BPF_PROG_TEST_RUN to allow user space to specify the length of the output buffer? The kernel could then either clamp output, or return an error. The current API seems fundamentally hard to use, and unsafe. It leads to kludges like [1] in a library I'm maintaining. 1: https://github.com/newtools/ebpf/blob/f4398602ca2a37b99a1f29df9a7e8adcc57be680/prog.go#L200-L204 -- Lorenz Bauer | Systems Engineer 25 Lavington St., London SE1 0NZ www.cloudflare.com