Re: [PATCH 03/26] bpfilter: reject kernel addresses

From: 'Christoph Hellwig'
Date: Thu Jul 23 2020 - 10:45:05 EST

Next message: Frederic Weisbecker: "Re: [PATCH] timers: Recalculate next timer interrupt only when necessary"
Previous message: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
In reply to: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
Next in thread: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jul 23, 2020 at 02:42:11PM +0000, David Laight wrote:
> From: Christoph Hellwig
> > Sent: 23 July 2020 07:09
> >
> > The bpfilter user mode helper processes the optval address using
> > process_vm_readv. Don't send it kernel addresses fed under
> > set_fs(KERNEL_DS) as that won't work.
>
> What sort of operations is the bpf filter doing on the sockopt buffers?
>
> Any attempts to reject some requests can be thwarted by a second
> application thread modifying the buffer after the bpf filter has
> checked that it allowed.
>
> You can't do security by reading a user buffer twice.

I'm not saying that I approve of the design, but the current bpfilter
design uses process_vm_readv to access the buffer, which obviously does
not work with kernel buffers.

Next message: Frederic Weisbecker: "Re: [PATCH] timers: Recalculate next timer interrupt only when necessary"
Previous message: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
In reply to: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
Next in thread: David Laight: "RE: [PATCH 03/26] bpfilter: reject kernel addresses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]