* [dpdk-dev] [Bug 298] BPF: eval_call() is messing bounds of return types different of RTE_BPF_ARG_RAW
@ 2019-06-27 14:58 bugzilla
2019-07-05 19:16 ` bugzilla
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla @ 2019-06-27 14:58 UTC (permalink / raw)
To: dev
https://bugs.dpdk.org/show_bug.cgi?id=298
Bug ID: 298
Summary: BPF: eval_call() is messing bounds of return types
different of RTE_BPF_ARG_RAW
Product: DPDK
Version: 19.08
Hardware: All
OS: All
Status: CONFIRMED
Severity: normal
Priority: Normal
Component: other
Assignee: dev@dpdk.org
Reporter: michel@digirati.com.br
Target Milestone: ---
Created attachment 42
--> https://bugs.dpdk.org/attachment.cgi?id=42&action=edit
Patch eval_call() in lib/librte_bpf/bpf_validate.c
eval_call() in lib/librte_bpf/bpf_validate.c calls eval_max_bound() on the BPF
return value for all types. This makes the verifier fails when a BPF helper
function returns a pointer that is later dereferenced. The error message when
this happens should be similar to this one: evaluate: memory boundary violation
at pc: 7.
evaluate() in the same file only calls eval_max_bound() on the parameter of the
BPF program when its type is RTE_BPF_ARG_RAW. Based on this knowledge, I tested
the attached patch and it works. But I'm not knowledgable enough on librte_bpf
to know if this is the correct way to solve this problem.
--
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-07-05 19:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-27 14:58 [dpdk-dev] [Bug 298] BPF: eval_call() is messing bounds of return types different of RTE_BPF_ARG_RAW bugzilla
2019-07-05 19:16 ` bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).