linux/net
Eric Dumazet 2d5311e4e8 filter: add a security check at install time
We added some security checks in commit 57fe93b374
(filter: make sure filters dont read uninitialized memory) to close a
potential leak of kernel information to user.

This added a potential extra cost at run time, while we can perform a
check of the filter itself, to make sure a malicious user doesn't try to
abuse us.

This patch adds a check_loads() function, whose unique purpose is to
make this check, allocating a temporary array of mask. We scan the
filter and propagate a bitmask information, telling us if a load M(K) is
allowed because a previous store M(K) is guaranteed. (So that
sk_run_filter() can possibly not read uninitialized memory)

Note: this can uncover an application bug, denying a filter attach,
previously allowed.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Changli Gao <xiaosuo@gmail.com>
Acked-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-12-06 12:59:09 -08:00
..
9p net/9p: Return error on read with NULL buffer 2010-10-28 09:08:49 -05:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q 8021q: vlan device is lockless do not transfer real_num_{tx|rx}_queues 2010-11-28 10:47:19 -08:00
appletalk
atm net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
ax25 net: ax25: fix information leak to userland 2010-11-10 10:14:33 -08:00
bluetooth Net: bluetooth: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:08 -08:00
bridge net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
caif Net: caif: Makefile: Remove deprecated items 2010-11-22 08:16:09 -08:00
can Net: can: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:09 -08:00
ceph Net: ceph: Makefile: remove deprecated kbuild goal definitions 2010-11-22 08:16:10 -08:00
core filter: add a security check at install time 2010-12-06 12:59:09 -08:00
dcb
dccp dccp ccid-2: whitespace fix-up 2010-11-18 09:37:07 -08:00
decnet net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
dns_resolver Net: dns_resolver: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:10 -08:00
dsa
econet Net: econet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:11 -08:00
ethernet
ieee802154
ipv4 net: arp: use assignment 2010-12-06 12:59:09 -08:00
ipv6 ipv6: use ND_REACHABLE_TIME and ND_RETRANS_TIMER instead of magic number 2010-12-02 13:27:32 -08:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda Net: irda: irnet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:13 -08:00
iucv [S390] cleanup lowcore access from external interrupts 2010-10-25 16:10:19 +02:00
key
l2tp net: use the macros defined for the members of flowi 2010-11-17 12:27:45 -08:00
lapb Net: lapb: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
llc
mac80211 mac80211: implement packet loss notification 2010-11-24 16:19:36 -05:00
netfilter Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-11-19 13:13:47 -08:00
netlabel
netlink netlink: fix netlink_change_ngroups() 2010-10-24 16:25:39 -07:00
netrom
packet af_packet: remove pgv.flags 2010-12-06 12:59:07 -08:00
phonet Net: phonet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
rds Net: rds: Makefile: Remove deprecated items 2010-11-22 08:16:15 -08:00
rfkill rfkill: remove dead code 2010-11-15 13:24:06 -05:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-27 01:03:03 -07:00
rxrpc Net: rxrpc: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:15 -08:00
sched net sched: use xps information for qdisc NUMA affinity 2010-12-01 12:47:42 -08:00
sctp net: avoid limits overflow 2010-11-10 12:12:00 -08:00
sunrpc Net: sunrpc: auth_gss: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
tipc tipc: Delete tipc_ownidentity() 2010-12-02 13:34:06 -08:00
unix af_unix: optimize unix_dgram_poll() 2010-11-08 13:50:09 -08:00
wanrouter Net: wanrouter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:16 -08:00
wimax
wireless cfg80211: allow using CQM event to notify packet loss 2010-11-24 16:19:36 -05:00
x25 X25 remove bkl in call user data length ioctl 2010-11-28 11:12:22 -08:00
xfrm xfrm: make xfrm_bundle_ok local 2010-10-21 03:09:46 -07:00
Kconfig xps: Add CONFIG_XPS 2010-11-28 18:24:14 -08:00
Makefile ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
TUNABLE
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c net: net_families __rcu annotations 2010-11-12 13:27:25 -08:00
sysctl_net.c