OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/core
History
Eric Dumazet 2d5311e4e8 filter: add a security check at install time 
We added some security checks in commit 57fe93b374
(filter: make sure filters dont read uninitialized memory) to close a
potential leak of kernel information to user.

This added a potential extra cost at run time, while we can perform a
check of the filter itself, to make sure a malicious user doesnt try to
abuse us.

This patch adds a check_loads() function, whole unique purpose is to
make this check, allocating a temporary array of mask. We scan the
filter and propagate a bitmask information, telling us if a load M(K) is
allowed because a previous store M(K) is guaranteed. (So that
sk_run_filter() can possibly not read unitialized memory)

Note: this can uncover application bug, denying a filter attach,
previously allowed.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Changli Gao <xiaosuo@gmail.com>
Acked-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2010-12-06 12:59:09 -08:00
..
Makefile net: support time stamping in phy devices. 2010-07-18 19:15:26 -07:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
dev.c net: Fix too optimistic NETIF_F_HW_CSUM features 2010-12-06 12:59:04 -08:00
dev_addr_lists.c net: include linux/proc_fs.h in dev_addr_lists.c 2010-04-07 16:46:36 -07:00
drop_monitor.c drop_monitor: use genl_register_family_with_ops() 2010-07-26 20:59:42 -07:00
dst.c net/dst: dst_dev_event() called after other notifiers 2010-11-09 12:17:16 -08:00
ethtool.c net: Fix too optimistic NETIF_F_HW_CSUM features 2010-12-06 12:59:04 -08:00
fib_rules.c fib_rules: __rcu annotates ctarget 2010-10-27 11:37:32 -07:00
filter.c filter: add a security check at install time 2010-12-06 12:59:09 -08:00
flow.c net: return operator cleanup 2010-09-23 14:33:39 -07:00
gen_estimator.c pkt_sched: remov unnecessary bh_disable 2010-09-10 12:47:59 -07:00
gen_stats.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
iovec.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
kmap_skb.h [PATCH] severing skbuff.h -> highmem.h 2006-12-04 02:00:29 -05:00
link_watch.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
neighbour.c net/neighbour: cancel_delayed_work() + flush_scheduled_work() -> cancel_delayed_work_sync() 2010-10-21 04:25:48 -07:00
net-sysfs.c net sched: use xps information for qdisc NUMA affinity 2010-12-01 12:47:42 -08:00
net-sysfs.h xps: Add CONFIG_XPS 2010-11-28 18:24:14 -08:00
net-traces.c netdev: Add tracepoints to netdev layer 2010-09-07 17:51:33 +02:00
net_namespace.c net_ns: add __rcu annotations 2010-10-25 14:18:27 -07:00
netevent.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
netpoll.c net: add netif_tx_queue_frozen_or_stopped 2010-11-28 10:47:18 -08:00
pktgen.c net: add netif_tx_queue_frozen_or_stopped 2010-11-28 10:47:18 -08:00
request_sock.c tcp: Add timewait recycling bits to ipv6 connect code. 2010-12-02 12:14:29 -08:00
rtnetlink.c rtnl: make link af-specific updates atomic 2010-11-27 22:56:08 -08:00
scm.c scm: lower SCM_MAX_FD 2010-11-24 11:16:43 -08:00
skbuff.c net: don't reallocate skb->head unless the current one hasn't the needed extra size or is shared 2010-12-03 10:59:47 -08:00
sock.c net: avoid limits overflow 2010-11-10 12:12:00 -08:00
stream.c net: Fix the condition passed to sk_wait_event() 2010-10-03 20:41:32 -07:00
sysctl_net_core.c rps: add __rcu annotations 2010-10-25 14:18:27 -07:00
timestamping.c filter: optimize sk_run_filter 2010-11-19 09:49:59 -08:00
user_dma.c net/core/user_dma.c: Use frag list abstraction interfaces. 2009-06-09 00:19:10 -07:00
utils.c net: return operator cleanup 2010-09-23 14:33:39 -07:00