Re: [PATCH bpf v5] bpf: verifier: prevent userspace memory access

[Alexei Starovoitov]

On Sun, Mar 24, 2024 at 12:35 PM Puranjay Mohan <puranjay12@xxxxxxxxx> wrote:
>
> Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> writes:
>
> > On Sun, Mar 24, 2024 at 11:54 AM Puranjay Mohan <puranjay12@xxxxxxxxx> wrote:
> >>
> >> +u64 bpf_arch_uaddress_limit(void)
> >> +{
> >> +       return max(TASK_SIZE_MAX + PAGE_SIZE, VSYSCALL_ADDR);
> >
> > This is broken. See my other email.
> > Sadly you didn't test it.
>
> Yes, sorry for this. I was relying on the CI for the test this time as
> thought it would work. I just realised this would reject all addresses!
>
> Given that the current x86-64 JIT just tests for TASK_SIZE_MAX +
> PAGE_SIZE can we go ahead with this and later fix it for VSYSCALL_ADDR
> as it is specific for x86-64?

This patch deletes a bunch of code from arch/x86/net/bpf_jit_comp.c.
If you're proposing to deal with vsyscall check in JIT then
very similar code in the same spot will be re-introduced.
So we should address all issues at once to avoid code churn.

> Also, I will spend some time figuring out the best way to do this, there
> should be some mathematical trick somewhere.

Let's think of it right now.

For the next patch you can reduce the cc list to avoid spamming all
mailing lists.
bpf@vger plus JIT folks for affected arches will be enough.