Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp429388imu; Wed, 12 Dec 2018 20:39:54 -0800 (PST) X-Google-Smtp-Source: AFSGD/UX4lqaUWT/SzPU3LSULRqClLilq5DPocwQX8LUN4Z1DzsLHIJ+qBTEkd2qhbelR0VARDYk X-Received: by 2002:a63:3287:: with SMTP id y129mr20749032pgy.337.1544675994183; Wed, 12 Dec 2018 20:39:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544675994; cv=none; d=google.com; s=arc-20160816; b=hg5kqECpjfMLhyh+ZEUqDvJ6yyIj3DdshhkGpHjf6EbUWcQSRvktcJH105i4D8looQ 5hVTdTbfMstT6UNKDI2TJKvqxGRXG875dV4/xyn92MdRkvGkV/cLf5iwcugT/DaPBHkW T5MAzsFY0WtBVjZKk0GnZylLGcFfT47QHIEQqHD6ReV+puvx4mvaHSZatzDuE2bL5dTm 7DuCTUKCjW5zkO7u/tmfyGAjcZSKakfdRKfCdp80Uwq99hF6eCYD39Hw2P3bddu4mxRe uk+sI+UqW0lbeElEDwxSzbS8LAFed+BEqSkGwxeoHV2sKb0MI21qx3aZ0toiMJoLCPXO q8gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=cn1yxF6JxXdazOUoaM5fd8kqEj+dXrYP6UaRg7s2qiw=; b=AHPWWr6xvPrRhEnV8R/SW10pWgi3VOcep9u+OoWmAtHuXBHvvU9a7P/LC6MezWNWTJ Wb9+D4tkFniMTQFZ4UCRZiX/TGxL/FF4CW+5K7ywZH2IG7NVIB5bTfBbmxcP8lDP2kSK SP1Fgd/vJI+2Zc8IoPHV4ZDMW08U3qCQm9NK3MYsP3W12hPryL4cszUo1UtQ0knBX9uK 935qYafcey3ofmbIPeHxZ5hOlgbahLjj2morpUrR2P2BkqSb/2CEpAU92EyMa9S7c+wA eL+ylgmjoTNvYP1Bi0Yko3ez+8hGk0o9wIwgQ+jSGIivqPiGwb0AaENeQyqHjGwYTNF/ nBOA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fCeUdQtZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v10si688550plg.82.2018.12.12.20.39.39; Wed, 12 Dec 2018 20:39:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fCeUdQtZ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729171AbeLMEcp (ORCPT + 99 others); Wed, 12 Dec 2018 23:32:45 -0500 Received: from mail.kernel.org ([198.145.29.99]:45578 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726465AbeLMEcl (ORCPT ); Wed, 12 Dec 2018 23:32:41 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A461520672; Thu, 13 Dec 2018 04:32:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1544675561; bh=mSPnV8odF5xAoHtLwP67okvSv65+I4DGhocXF0boKkg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fCeUdQtZ5nuyp/xHE7UJVpFyPvpWSxO2gn/0Xabamka/3Fgx+NRj88PoVfzPEIbot F7jc+RK7C5On6uCJ2yOsmf2YsHx6hJecIM1yC+1yy67kt02RsM77u2SWlOKsh7jovV bTl940htvUJWiidHtHJ3cV/az/nq0QasGevGTetQ= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Sasha Levin , netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.9 24/34] bpf: check pending signals while verifying programs Date: Wed, 12 Dec 2018 23:31:50 -0500 Message-Id: <20181213043200.76295-24-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181213043200.76295-1-sashal@kernel.org> References: <20181213043200.76295-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexei Starovoitov [ Upstream commit c3494801cd1785e2c25f1a5735fa19ddcf9665da ] Malicious user space may try to force the verifier to use as much cpu time and memory as possible. Hence check for pending signals while verifying the program. Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN, since the kernel has to release the resources used for program verification. Reported-by: Anatoly Trosinenko Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Edward Cree Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin --- kernel/bpf/verifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1438b7396cb4..335c00209f74 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2919,6 +2919,9 @@ static int do_check(struct bpf_verifier_env *env) goto process_bpf_exit; } + if (signal_pending(current)) + return -EAGAIN; + if (need_resched()) cond_resched(); -- 2.19.1