Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp435409imu; Wed, 12 Dec 2018 20:50:22 -0800 (PST) X-Google-Smtp-Source: AFSGD/V31npGxCYOsyfZElIg9B3IEBzfzbTTLdZJVACEZ2oa79xpddjRdsj7JcRgEemVraQjubKD X-Received: by 2002:a17:902:7481:: with SMTP id h1mr22681437pll.341.1544676622374; Wed, 12 Dec 2018 20:50:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544676622; cv=none; d=google.com; s=arc-20160816; b=vRezheIa4q3TYjOFWhwjkRzFZvdHJkVHy2VXyF3OlYxmFZ6x9WE6JC871gtkpLSZi2 FgizsMLonBnJ+32U5A/NYApc7G2zWWixbBNgz9b0t1AdkZjxfzIBKLBr9rF9PGI70brK UbtIugBObcrLVCXxA0oJTpC6xC/TfzUKRBRsqHayvlJWtzgvzcdvugks0+EEiLzrOntU nudv75YJCY+ZPJHuh5tLiNqjzdPrVRJp5+6pdNKbuoogOZbyLTdS8ue5C42zWXv4P3xy 6jxwrY/QFqr/Etofgc6avWbERyc8qZpP79F4ZjjDVnl/Yp5wod1nBgg3MFQYtSdQ5L06 Mr8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XTmt33D46Q+aM0vLz1VVeDS6MxjXq3GsoIVx0fEfwKg=; b=RueQK5XGLD4O3FISjCZ6oof83b5xvOtwIWlMN0t8pN3ZQ6hH5V8wBeH55ubNFbwzyS S9gw3CitvN9N9/uNWEIAKxmium43S3ulDN5e9gy+C17Ft8nUlQQ6+Uzb+++jH1yc8kaG /yNeQ9Gwxd30nnrbFCZC4LflABA3tZYwf7zP4mYllb95x1xpxnbtHMUY+pGZxgIpBTVC ZflQ/oS0AEQLu9bBaC/Xp18P6dghohRpgn79/YGap/xA8nAbGv9AJwwtr2mbJORcD3gN roF0tmwYvQuVA3I4QwbMVaNjPG3WmxKhWL3ZjY654EVoe8eazMhMPIyHmhJ313XzB06C pZow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XRk373K9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h191si691340pgc.302.2018.12.12.20.50.07; Wed, 12 Dec 2018 20:50:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=XRk373K9; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728810AbeLMEr3 (ORCPT + 99 others); Wed, 12 Dec 2018 23:47:29 -0500 Received: from mail.kernel.org ([198.145.29.99]:43130 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728121AbeLMEaM (ORCPT ); Wed, 12 Dec 2018 23:30:12 -0500 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 20A5B20873; Thu, 13 Dec 2018 04:30:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1544675411; bh=KW4z1bgq6eQp5xJ3wJyepnskVMAquAF/2ehkHFnMcw0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XRk373K9bZH9+iVLdoYXDRQmFd00WZMSWqgHv2+CJBIwJyhfqd38oIR+7tJRteqR6 cMLLRbpMQiGX0fLHjt7LLuXZ1kvXiJ0rVx7PGmCPk6KDWqJCgMos+ulGwiVPKXqFls ce4PVQ1BapQf4XPvairuavyIiY+7AqmjeLy3WZp8= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Sasha Levin , netdev@vger.kernel.org Subject: [PATCH AUTOSEL 4.19 50/73] bpf: check pending signals while verifying programs Date: Wed, 12 Dec 2018 23:28:15 -0500 Message-Id: <20181213042838.75160-50-sashal@kernel.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181213042838.75160-1-sashal@kernel.org> References: <20181213042838.75160-1-sashal@kernel.org> MIME-Version: 1.0 X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexei Starovoitov [ Upstream commit c3494801cd1785e2c25f1a5735fa19ddcf9665da ] Malicious user space may try to force the verifier to use as much cpu time and memory as possible. Hence check for pending signals while verifying the program. Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN, since the kernel has to release the resources used for program verification. Reported-by: Anatoly Trosinenko Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Edward Cree Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin --- kernel/bpf/verifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5780876ac81a..a320e6587dd3 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4792,6 +4792,9 @@ static int do_check(struct bpf_verifier_env *env) goto process_bpf_exit; } + if (signal_pending(current)) + return -EAGAIN; + if (need_resched()) cond_resched(); -- 2.19.1