Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp2088491rwe; Fri, 2 Sep 2022 08:19:06 -0700 (PDT) X-Google-Smtp-Source: AA6agR7PHPHkf6FFFa3QfM6xjSg5SscBAZ3SNRHI1x1aa7kD3mJZ8HkM7VnKn2Pj28o8pQeKXACA X-Received: by 2002:a17:907:a07c:b0:73d:dc49:e8e7 with SMTP id ia28-20020a170907a07c00b0073ddc49e8e7mr26265627ejc.393.1662131946051; Fri, 02 Sep 2022 08:19:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662131946; cv=none; d=google.com; s=arc-20160816; b=uRFToC4+00Vnk5Sm55gTiv0k/xzZNgmk+QyKF+FlslgIChxGgCXmTEwpg6PVwjcCVG 068C2vyslJ8v5jhAac63uBS0EpSinZ6lo2D1+qDkURSuxL3q9GEMW0+wMJrflD5SZ5vH PP/diTa3++9w+Sf7mu1REli0z+bHB5mOLzVJ8m55xSpi1AILvNS3AcMec2gDNzRCqlGe 1ylC1Qon3FPyncGTrtzBRg0IQwzhIuSRpl5WiYY7jxP5/nc7hz3eFu8xEIqTEWikrtrs UWo0fnTMDQ/saSuxQHiPn94uh2mMmGqOn6j5IOHuFmHKmYJFp+LD5NN/4ceBL9BP8cx5 9VMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=m9H4hZLZlPw2twB6mJVHjb9j7Ki7D0BzgAsMvG/DKOg=; b=m5pPbzsuJKjHg0vVLpfv72JYMpeH1xbwGGoNc1S8vLfZu+3J+hJ6tap4oaenCFu1qW uyeSy7IvasMgPX66qWrtu5jLp5dhQxB8x/QXusLkteOy078UfTwothXnyukatnZxegy4 qtVyzdDIvyvR50YKWe3TqSUiTZH0AM+dbez3tuyqOaBj2LFJXbTNMwHEIBAv+ZTuwaxl Vxi3VsgZrhlg4TgfiyAHay2SsdCsgrUDvNOr7E1fXDFzDkFyInaqFUobyAtqeid5yf4U 6wcAHBWL4rYI3UP08i39XgdPMJCThci7F/5OD4VEAKOWqVWchvSJoSl4/V0EExiiF+XO oOFw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j22-20020a1709064b5600b0073317fc9d6fsi1791500ejv.917.2022.09.02.08.18.39; Fri, 02 Sep 2022 08:19:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236941AbiIBOr4 (ORCPT + 99 others); Fri, 2 Sep 2022 10:47:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48184 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236330AbiIBOrd (ORCPT ); Fri, 2 Sep 2022 10:47:33 -0400 Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9199D2B15 for ; Fri, 2 Sep 2022 07:08:02 -0700 (PDT) Received: from sslproxy01.your-server.de ([78.46.139.224]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1oU65Y-000C5F-GN; Fri, 02 Sep 2022 14:48:00 +0200 Received: from [85.1.206.226] (helo=linux-4.home) by sslproxy01.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oU65Y-000B5y-7e; Fri, 02 Sep 2022 14:48:00 +0200 Subject: Re: [RFC bpf-next 1/2] bpf: tnums: warn against the usage of tnum_in(tnum_range(), ...) To: Shung-Hsi Yu Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Alexei Starovoitov , John Fastabend References: <20220831031907.16133-1-shung-hsi.yu@suse.com> <20220831031907.16133-2-shung-hsi.yu@suse.com> <0f6d7f97-8cd9-d513-368b-39706dd6b06a@iogearbox.net> From: Daniel Borkmann Message-ID: <615a2102-2244-f0be-6375-16cf795715ef@iogearbox.net> Date: Fri, 2 Sep 2022 14:47:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.6/26646/Fri Sep 2 09:55:25 2022) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/2/22 5:52 AM, Shung-Hsi Yu wrote: > On Thu, Sep 01, 2022 at 05:00:58PM +0200, Daniel Borkmann wrote: >> On 8/31/22 5:19 AM, Shung-Hsi Yu wrote: >>> Commit a657182a5c51 ("bpf: Don't use tnum_range on array range checking >>> for poke descriptors") has shown that using tnum_range() as argument to >>> tnum_in() can lead to misleading code that looks like tight bound check >>> when in fact the actual allowed range is much wider. >>> >>> Document such behavior to warn against its usage in general, and suggest >>> some scenario where result can be trusted. >>> >>> Link: https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/ >>> Link: https://www.openwall.com/lists/oss-security/2022/08/26/1 >>> Signed-off-by: Shung-Hsi Yu >> >> Any objections from your side if I merge this? Thanks for adding doc. :) > > There is a small typo I meant to fix with s/including/include below. > > Other than that, none at all, thanks! :) Fixed up and applied to bpf-next, thanks!