From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sasha Levin Subject: [PATCH AUTOSEL 4.9 24/34] bpf: check pending signals while verifying programs Date: Wed, 12 Dec 2018 23:31:50 -0500 Message-ID: <20181213043200.76295-24-sashal@kernel.org> References: <20181213043200.76295-1-sashal@kernel.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Cc: Alexei Starovoitov , Daniel Borkmann , Sasha Levin , netdev@vger.kernel.org To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Return-path: In-Reply-To: <20181213043200.76295-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org List-Id: netdev.vger.kernel.org From: Alexei Starovoitov [ Upstream commit c3494801cd1785e2c25f1a5735fa19ddcf9665da ] Malicious user space may try to force the verifier to use as much cpu time and memory as possible. Hence check for pending signals while verifying the program. Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN, since the kernel has to release the resources used for program verification. Reported-by: Anatoly Trosinenko Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Edward Cree Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin --- kernel/bpf/verifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1438b7396cb4..335c00209f74 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2919,6 +2919,9 @@ static int do_check(struct bpf_verifier_env *env) goto process_bpf_exit; } + if (signal_pending(current)) + return -EAGAIN; + if (need_resched()) cond_resched(); -- 2.19.1