summaryrefslogtreecommitdiffstats
path: root/Kbuild
diff options
context:
space:
mode:
authorDaniel Borkmann <daniel@iogearbox.net>2018-01-26 23:33:38 +0100
committerAlexei Starovoitov <ast@kernel.org>2018-01-26 16:42:05 -0800
commit5e581dad4fec0e6d062740dc35b8dc248b39d224 (patch)
tree534845527ccef6977576db77a02f96956f329b7f /Kbuild
parent2a5418a13fcfbb1f13a847eedb9a8e30a9ead765 (diff)
downloadlinux-5e581dad4fec0e6d062740dc35b8dc248b39d224.tar.gz
linux-5e581dad4fec0e6d062740dc35b8dc248b39d224.tar.bz2
linux-5e581dad4fec0e6d062740dc35b8dc248b39d224.zip
bpf: make unknown opcode handling more robust
Recent findings by syzcaller fixed in 7891a87efc71 ("bpf: arsh is not supported in 32 bit alu thus reject it") triggered a warning in the interpreter due to unknown opcode not being rejected by the verifier. The 'return 0' for an unknown opcode is really not optimal, since with BPF to BPF calls, this would go untracked by the verifier. Do two things here to improve the situation: i) perform basic insn sanity check early on in the verification phase and reject every non-uapi insn right there. The bpf_opcode_in_insntable() table reuses the same mapping as the jumptable in ___bpf_prog_run() sans the non-public mappings. And ii) in ___bpf_prog_run() we do need to BUG in the case where the verifier would ever create an unknown opcode due to some rewrites. Note that JITs do not have such issues since they would punt to interpreter in these situations. Moreover, the BPF_JIT_ALWAYS_ON would also help to avoid such unknown opcodes in the first place. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'Kbuild')
0 files changed, 0 insertions, 0 deletions