Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1514860ybe; Wed, 11 Sep 2019 16:32:18 -0700 (PDT) X-Google-Smtp-Source: APXvYqy9KoDdPpRDm1AFgB2T8R7b62n40nSHhvh7902sppKPxSvev6H18Vt8NjNOZyGKj+gHfJ3j X-Received: by 2002:a17:906:1317:: with SMTP id w23mr31461420ejb.312.1568244738814; Wed, 11 Sep 2019 16:32:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568244738; cv=none; d=google.com; s=arc-20160816; b=zDsu2R2KZfLxbu+EnC8N41uMuk/xPqAtr+v/OMHwxlqxkfnoSlJXoUe2tO3Xq3+WRs mb9BoL273JHy45AAdZ5z4VRzOOtA3uzPStE7AjA4Xc04ZDOabSNaNXK2waP1ydaUY0R8 QtY6IRdINGQaSq/UqNYR5vDgLvbnrbdPg3GaSHHFIk0sS8COad0MN2nn/E158eFEaWvQ hxISCZ/GerR/UFGYO5vWqmi0HOWthU4SWLgq2Nq/9tDo81cecWUHx8OJXSSp87YPTDof jMGLxPeifIeNCFzE5k7TnmNGuVlQV8sKca6zLVcPnkr75ln0cpx3o+S0r3uz6qKbAuVn 38Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=xR7hYe4cgaeRTX0oM2Y5DNYIJaqcoPBbVI2nTGUyj3I=; b=YCjWxGXMQGGQW8jLDKqnmD1uGd+FuiU51z71kINLp+ke54Tt6VdJVWfjFg3VWUZ1Hy IluFZJ95MUU7f0KCSvY0fAA1VuNajn38MSKte1LIAEO3Qxpo6Q3cfPzQWTtCmnRSr0l8 T/2zy+5641+5N5vf7vS5yb1s28b6+RHXAJpt7AjfiEybMIJYxCn4AODZJ6MFQke8eoHQ I7oVbvo/MXahzQepdoKkNecVxIVUvenragyh9yrDLZFPzx1J3oJU+gQf+rjXVY9pYC5Y 7VrS+ItyrxsMEysZ/w/bXzwh9IlaSyWykd1hYsPM6HzAj2tD11uS2botBRub5D+p8oW9 56Kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="vtFM/wNP"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i18si11725500ejz.217.2019.09.11.16.31.25; Wed, 11 Sep 2019 16:32:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="vtFM/wNP"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730550AbfIKUaJ (ORCPT + 99 others); Wed, 11 Sep 2019 16:30:09 -0400 Received: from mail-vs1-f41.google.com ([209.85.217.41]:36471 "EHLO mail-vs1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728808AbfIKUaI (ORCPT ); Wed, 11 Sep 2019 16:30:08 -0400 Received: by mail-vs1-f41.google.com with SMTP id v19so9520918vsv.3 for ; Wed, 11 Sep 2019 13:30:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xR7hYe4cgaeRTX0oM2Y5DNYIJaqcoPBbVI2nTGUyj3I=; b=vtFM/wNP1cbgEAHfwr2tSf+02EhyZPlQI2hH6LIOAujE4b2dV5EHR8S/+jHn7mNh7A dRrbfqGWSphPeXOKuDHFAF8dSowLXFxxGC4FbANYtLHrM3nrSZyQ9oaRw41A+IdO0sj4 1GAOBXo65OWgs2wVFbCoeMw+Yr371hSazFG6BZkeJuALvPJ1xKYzBUlq/rURdG4QGAn5 VpjVi4GSiISma6lDJL/8xgI99P1xYQK9Y2lIfMB5ekxjPDcR8AXmp+X5hpzQCI25CfEV UYmYj407XQ1sV9i0WKofsgpXso5FGO6+l/h7TjL9t2k3GdcZM7+HsiugG/KPZnyQn0qg st1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xR7hYe4cgaeRTX0oM2Y5DNYIJaqcoPBbVI2nTGUyj3I=; b=tiIGR/LUvu29gFLsoWVfgoxT5/LZhXxTD8fX0zfkwsU1ZtDxHSq/R3rDwHHXmwN3BS eOVA4z5Ma7iJoU2efjUSJr1VA9Nd/N/lpA/SemXaATqhnEcx6bbrsdVUJAFuF41eTpWm 2EdLeoImq0jDvGbnORqJn213c5RP+eONxuZGfaKHCA2hBWLfqq69dAoW64nQcDiCb/n8 qanjj7dlgqYy6JaGl6UlSpUdFl+MF+JFEjS6+/t5gCamvVleUGOZQRaCW+6YrM22U3py izEW5qN7KCjNvX6Bve4TFgNLFLwvzih91NU8PprmcN/j0+TJ7naorrrKoIGgDCLLrI9n BdEQ== X-Gm-Message-State: APjAAAUezHMFC/tgI/gxoJe7EJ6j7Q6Y9NYunTHgreG/SIdHxUbal/j4 /480rP8wKnh2YAeGDphVslsXhvyPGjHhaGVy09paUQ== X-Received: by 2002:a67:6d06:: with SMTP id i6mr21648978vsc.5.1568233807241; Wed, 11 Sep 2019 13:30:07 -0700 (PDT) MIME-Version: 1.0 References: <20190909223236.157099-1-samitolvanen@google.com> <4f4136f5-db54-f541-2843-ccb35be25ab4@fb.com> <20190910172253.GA164966@google.com> In-Reply-To: From: Sami Tolvanen Date: Wed, 11 Sep 2019 13:29:56 -0700 Message-ID: Subject: Re: [PATCH] bpf: validate bpf_func when BPF_JIT is enabled To: Yonghong Song Cc: Alexei Starovoitov , Daniel Borkmann , Kees Cook , Martin Lau , Song Liu , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "linux-kernel@vger.kernel.org" , =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= , =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 11, 2019 at 12:43 AM Yonghong Song wrote: > How about this: > > if (!IS_ENABLED(CONFIG_BPF_JIT_ALWAYS_ON) && !prog->jited) > goto out; > > if (unlikely(hdr->magic != BPF_BINARY_HEADER_MAGIC || > !arch_bpf_jit_check_func(prog))) { > WARN(1, "attempt to jump to an invalid address"); > return 0; > } > out: > return prog->bpf_func(ctx, prog->insnsi); Sure, that does look cleaner. I'll use this in the next version. Thanks. Sami