From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 24/34] bpf: check pending signals while verifying programs
Date: Wed, 12 Dec 2018 23:31:50 -0500 [thread overview]
Message-ID: <20181213043200.76295-24-sashal@kernel.org> (raw)
In-Reply-To: <20181213043200.76295-1-sashal@kernel.org>
From: Alexei Starovoitov <ast@kernel.org>
[ Upstream commit c3494801cd1785e2c25f1a5735fa19ddcf9665da ]
Malicious user space may try to force the verifier to use as much cpu
time and memory as possible. Hence check for pending signals
while verifying the program.
Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN,
since the kernel has to release the resources used for program verification.
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/verifier.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1438b7396cb4..335c00209f74 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2919,6 +2919,9 @@ static int do_check(struct bpf_verifier_env *env)
goto process_bpf_exit;
}
+ if (signal_pending(current))
+ return -EAGAIN;
+
if (need_resched())
cond_resched();
--
2.19.1
next prev parent reply other threads:[~2018-12-13 4:31 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-13 4:31 [PATCH AUTOSEL 4.9 01/34] mac80211_hwsim: fix module init error paths for netlink Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 07/34] bonding: fix 802.3ad state sent to partner when unbinding slave Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 09/34] SUNRPC: Fix leak of krb5p encode pages Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 10/34] SUNRPC: Fix a potential race in xprt_connect() Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 19/34] net: phy: don't allow __set_phy_supported to add unsupported modes Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 20/34] net: 8139cp: fix a BUG triggered by changing mtu with network traffic Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 21/34] net: phy: Fix not to call phy_resume() if PHY is not attached Sasha Levin
2018-12-13 4:50 ` Yoshihiro Shimoda
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 22/34] mv88e6060: disable hardware level MAC learning Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 23/34] net/mlx4_en: Fix build break when CONFIG_INET is off Sasha Levin
2018-12-13 4:31 ` Sasha Levin [this message]
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 27/34] ethernet: fman: fix wrong of_node_put() in probe function Sasha Levin
2018-12-13 4:31 ` [PATCH AUTOSEL 4.9 30/34] vhost/vsock: fix reset orphans race with close timeout Sasha Levin
2018-12-13 4:32 ` [PATCH AUTOSEL 4.9 34/34] net/mlx4_core: Correctly set PFC param if global pause is turned off Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181213043200.76295-24-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).