bpf, tnums: Warn against the usage of tnum_in(tnum_range(), ...) (dc84dbbc) · Commits · Mirrors / git.yoctoproject.org / linux-yocto

Commit dc84dbbc authored Aug 31, 2022 by

Shung-Hsi Yu Committed by Daniel Borkmann Sep 02, 2022

bpf, tnums: Warn against the usage of tnum_in(tnum_range(), ...)

Commit a657182a

 ("bpf: Don't use tnum_range on array range checking
for poke descriptors") has shown that using tnum_range() as argument to
tnum_in() can lead to misleading code that looks like tight bound check
when in fact the actual allowed range is much wider.

Document such behavior to warn against its usage in general, and suggest
some scenario where result can be trusted.

Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net
Link: https://www.openwall.com/lists/oss-security/2022/08/26/1
Link: https://lore.kernel.org/bpf/20220831031907.16133-3-shung-hsi.yu@suse.com
Link: https://lore.kernel.org/bpf/20220831031907.16133-2-shung-hsi.yu@suse.com

parent ef331a8d

Hide whitespace changes

Inline Side-by-side

Please register or to comment