The bpf VM did not correctly check the bounds of LoadMemShift
instructions, as it used a size of 0 instead of the correct 1.
A LoadMemShift instruction 1 past the end of the input resulted in a
runtime panic:
panic(0x5c1d40, 0x7cec00)
/usr/local/go/src/runtime/panic.go:522 +0x1b5
golang.org/x/net/bpf.loadMemShift(...)
/home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm_instructions.go:137
golang.org/x/net/bpf.(*VM).Run(0xc00000ec40, 0xc0000173c8, 0x2, 0x8, 0x2, 0xc0000173c8, 0x0)
/home/afabre/go/pkg/mod/golang.org/x/net@v0.0.0-20190603091049-60506f45cf65/bpf/vm.go:131 +0xb0a
Fix this, and rework the out of bounds tests for load instructions to:
* Use an offset one past the end of the input, to catch this
* Use a filter that returns 1, to catch cases where the out of bounds
load does not cause a panic, but does not cause the VM to return 0.
Change-Id: I1e68886915207a34f59765805f907f36dc031f70
Reviewed-on: https://go-review.googlesource.com/c/net/+/180979
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
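The off-by-one described in the commit message above, as an added example that is not code from the commit or from golang.org/x/net/bpf. It is a stand-alone model of the load path: the names `inBounds`, `loadMemShift`, `runFilter` and the `checkSize` parameter are assumptions made for illustration, and the 2-byte input is constructed. A bounds check with size 0 accepts the offset one past the end of the input and the byte read panics; a check with size 1 rejects it and the filter returns 0.

```go
package main

import "fmt"

// inBounds reports whether size bytes starting at offset fit in an input of inLen bytes.
func inBounds(inLen, offset, size int) bool {
	return offset >= 0 && size >= 0 && offset <= inLen-size
}

// loadMemShift models the LoadMemShift semantics: 4 * (in[off] & 0xf).
// checkSize is the size handed to the bounds check (hypothetical knob):
// 0 reproduces the bug from the commit message, 1 is the corrected value.
func loadMemShift(in []byte, off uint32, checkSize int) (uint32, bool) {
	offset := int(off)
	if !inBounds(len(in), offset, checkSize) {
		return 0, false
	}
	return uint32(in[offset]&0x0f) * 4, true // reads exactly one byte
}

// runFilter models a two-instruction filter: LoadMemShift at off, then return 1.
// A rejected load makes the filter return 0. Returning 1 on success (not 0)
// is what lets a test tell "load rejected" apart from "load silently succeeded".
func runFilter(in []byte, off uint32, checkSize int) (ret int, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			ret, panicked = 0, true // index out of range inside the load
		}
	}()
	if _, ok := loadMemShift(in, off, checkSize); !ok {
		return 0, false
	}
	return 1, false
}

func main() {
	in := []byte{0x45, 0x00} // constructed 2-byte input
	for _, size := range []int{0, 1} {
		for off := uint32(0); off <= 3; off++ {
			ret, p := runFilter(in, off, size)
			fmt.Printf("checkSize=%d off=%d ret=%d panicked=%v\n", size, off, ret, p)
		}
	}
}
```

Only the offset exactly one past the end separates the two checks; two or more past the end is rejected by both, which is why the reworked tests use that offset.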
Add a JumpIfX instruction which implements conditional jumps using
RegA and RegX. This is in addition to the pre-existing JumpIf
instruction which uses RegA and K.
This instruction / addressing mode is not mentioned in the original BPF
paper, but is supported by tools like bpf_asm, and has recently been
added to the kernel's filter.txt.
Simplify some of the parsing logic, and add a separate helper for
checking for "fake" JumpIfs.
Add JumpIfX support to the BPF vm.
Update testdata with JumpIfX instructions, and add tests
for both the assembler/disassembler and vm.
Fixes golang/go#27814
Change-Id: I0c3f6ac7eb5b4cd4d9c5af8784ee2e8d25195a0a
GitHub-Last-Rev: 39a88165b2
GitHub-Pull-Request: golang/net#20
Reviewed-on: https://go-review.googlesource.com/c/136895
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The x/net package is currently broken for Go 1.9 (#19051) so
I am unable to use trybots for x/net/http2.
This disables the tests for the broken stuff and makes things compile
at least, so x/net trybots aren't broken for others.
Updates golang/go#19051
Change-Id: I67401d7ad32d855e99a417545328eb4e803287cc
Reviewed-on: https://go-review.googlesource.com/37401
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Reviewed-by: Martin Möhrmann <moehrmann@google.com>
The tree's pretty inconsistent about single space vs double space
after a period in documentation. Make it consistently a single space,
per earlier decisions, and changes in go repository. This means
contributors won't be confused by misleading precedence.
This CL was generated with:
perl -i -npe 's,^(\s*// .+[a-z]\.) +([A-Z]),$1 $2,' $(git grep -l -E '^\s*//(.+\.) +([A-Z])')
on top of copyright headers change in https://golang.org/cl/32878.
Follows https://golang.org/cl/20022.
Change-Id: I821e4a300122b4668aa31e12eaa914db615e5369
Reviewed-on: https://go-review.googlesource.com/32879
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The "fake" jump conditions as well as the LoadExtension instructions
are now disassembled correctly. Therefore the workaround to reassemble
the disassembly is no longer necessary.
This simplification was announced already in golang/go#18470.
Result of `go test -cover .` stays the same with this simplification.
$ go test -cover golang.org/x/net/bpf
ok golang.org/x/net/bpf 0.495s coverage: 92.3% of statements
Change-Id: I3f9eb46148287c76059437b773b80c4c99eb5b53
Reviewed-on: https://go-review.googlesource.com/34951
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Load extension in BPF is an overload of the load absolute
instruction with a 'negative offset'. Disassemble load
absolute instructions to load extension, if the offset
is 'negative', respectively > (0xFFFFFFFF - 0x1000).
Fixes golang/go#18469
Change-Id: I13af8f5af89ce26b13a35d2b06879dd6e1c7434e
Reviewed-on: https://go-review.googlesource.com/34771
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>
The instruction itself doesn't care what the bits it's twiddling represent,
even though it was introduced to more efficiently manipulate IPv4 packets.
Change-Id: Ie65a6df4041ad2090060636ccf7128680fcf75b7
Reviewed-on: https://go-review.googlesource.com/21244
Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>