summaryrefslogtreecommitdiff
path: root/arch/x86/net
diff options
context:
space:
mode:
authorAlexei Starovoitov <ast@fb.com>2018-01-30 03:37:38 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2018-02-03 17:04:24 +0100
commit1367d854b97493bfb1f3d24cf89ba60cb7f059ea (patch)
tree2a612816f9e237171cf41fc796f40f8d523dc4b0 /arch/x86/net
parentb392225467b8066538dfa200dc925c844b76880b (diff)
bpf: fix branch pruning logic
[ Upstream commit c131187db2d3fa2f8bf32fdf4e9a4ef805168467 ] when the verifier detects that register contains a runtime constant and it's compared with another constant it will prune exploration of the branch that is guaranteed not to be taken at runtime. This is all correct, but malicious program may be constructed in such a way that it always has a constant comparison and the other branch is never taken under any conditions. In this case such path through the program will not be explored by the verifier. It won't be taken at run-time either, but since all instructions are JITed the malicious program may cause JITs to complain about using reserved fields, etc. To fix the issue we have to track the instructions explored by the verifier and sanitize instructions that are dead at run time with NOPs. We cannot reject such dead code, since llvm generates it for valid C code, since it doesn't do as much data flow analysis as the verifier does. Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)") Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'arch/x86/net')
0 files changed, 0 insertions, 0 deletions