Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp565522imu; Thu, 20 Dec 2018 01:28:11 -0800 (PST) X-Google-Smtp-Source: AFSGD/UN/GxBGLbPEeMsfj+oETst0yNKCOhWp+QlH1atIEozK8u6MGfr7DHvpXtu9oBRQ3ZEnpcw X-Received: by 2002:a62:3006:: with SMTP id w6mr23825046pfw.258.1545298091877; Thu, 20 Dec 2018 01:28:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545298091; cv=none; d=google.com; s=arc-20160816; b=cYUuZynnFCOh2OnM6SCbSfuB6mhQMyNAa1280sNQ77xN4Nl1YlRsBFoMrKN7oRe/gl 1w8bpHwwvzytHQA1V/wLWMxLn29pT1PqAQ4J6J0Sw9hn+7K1MXG78ovDCIrzuv99aaSz ixnpoaLVAhsOQ/wlE6L7kXKX7VA3r0KXDMxtaHMwCfXXA6geK9GU9un/xldOFzggJCgc jNe4keHLWfIGPweMRutcSl5OjUHRUQ79KJabo284RanszX3xhdN4BVgby7jwW5QVQExD Wc2SWcNzuwTaIWxXYOTMPjyQtx2bJygg8y0Yh/9kYB5KSYLEKwcIftJEFnzW+DSXcLRD f+mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=melVZaWhFoFAv6g8VCgQ6n5iolVAMgYuumuxNw65klw=; b=v4SlJQgFk0tSkUfGaBoPfSsgtYumaeHctbmD7Bc9YCAFLbMZ53r2MsbItUXzBr7vIQ nUNzmx88i/yFDNc7YzhxUGLneHV6W9CmVO1HItTqRTG0j+LUzZ0Sgkc+5NCHVW5Us1iq RFvmdc82PmJZDmPp+A2WxNstRZFYjRmvPpxbECSYqf3jJJdqcEkksd9XqfTdDpIkshr4 akptFR8bgb30g3IvtLof/xjPybdcuyF7KL6N6KYL4445y/CrQgN50RSO1CKEgLMItajC QrZatYS7Iq2pr6QOpeq5sDzYTr3GLYv350qY7OPQiiAUUBIjaPGUoFx8O5ZjoJHgV0DP /7Dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BffXtd9Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si18388646plx.157.2018.12.20.01.27.56; Thu, 20 Dec 2018 01:28:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=BffXtd9Z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731843AbeLTJYm (ORCPT + 99 others); Thu, 20 Dec 2018 04:24:42 -0500 Received: from mail.kernel.org ([198.145.29.99]:37436 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730428AbeLTJYk (ORCPT ); Thu, 20 Dec 2018 04:24:40 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5D55A217D9; Thu, 20 Dec 2018 09:24:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1545297879; bh=pjjKzhySXPSvHH/cV/xYlmDDv5YbG8FjW4npavzuL8E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=BffXtd9ZjNq9MyZh+Ar5KnGcPJIH/12S1y7peXn7nc2FxhbxVVk2CgSJflUggK5M7 mcyTS0nXeQy6ZD4fIkmGtNKhZvB9Ip+vUjJWLvq/68hcjztRZs/7qDT9UDpeMMs8li bccABhBhJrjWLD1/bfaXBt/VqlSZ6GPlIeir63U0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Anatoly Trosinenko , Alexei Starovoitov , Daniel Borkmann , Edward Cree , Sasha Levin Subject: [PATCH 4.9 50/61] bpf: check pending signals while verifying programs Date: Thu, 20 Dec 2018 10:18:50 +0100 Message-Id: <20181220085845.774712211@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20181220085843.743900603@linuxfoundation.org> References: <20181220085843.743900603@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ [ Upstream commit c3494801cd1785e2c25f1a5735fa19ddcf9665da ] Malicious user space may try to force the verifier to use as much cpu time and memory as possible. Hence check for pending signals while verifying the program. Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN, since the kernel has to release the resources used for program verification. Reported-by: Anatoly Trosinenko Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Edward Cree Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin --- kernel/bpf/verifier.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1438b7396cb4..335c00209f74 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2919,6 +2919,9 @@ static int do_check(struct bpf_verifier_env *env) goto process_bpf_exit; } + if (signal_pending(current)) + return -EAGAIN; + if (need_resched()) cond_resched(); -- 2.19.1