iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8cbf062a25
linux/kernel/bpf
History
Hou Tao 8cbf062a25 bpf: Reject kfunc calls that overflow insn->imm 
Now kfunc call uses s32 to represent the offset between the address of
kfunc and __bpf_call_base, but it doesn't check whether or not s32 will
be overflowed. The overflow is possible when kfunc is in module and the
offset between module and kernel is greater than 2GB. Take arm64 as an
example, before commit b2eed9b588 ("arm64/kernel: kaslr: reduce module
randomization range to 2 GB"), the offset between module symbol and
__bpf_call_base will in 4GB range due to KASLR and may overflow s32.

So add an extra checking to reject these invalid kfunc calls.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220215065732.3179408-1-houtao1@huawei.com
2022-02-15 10:05:11 -08:00
..
preload bpf: Convert bpf_preload.ko to use light skeleton. 2022-02-10 23:31:51 +01:00
arraymap.c bpf: generalise tail call map compatibility check 2022-01-21 14:14:03 -08:00
bloom_filter.c bpf: Add missing map_get_next_key method to bloom filter map. 2021-12-29 09:38:31 -08:00
bpf_inode_storage.c bpf: Allow bpf_local_storage to be used by sleepable programs 2021-12-29 17:54:40 -08:00
bpf_iter.c bpf: Add support for bpf iterator programs to use sleepable helpers 2022-01-24 19:55:40 -08:00
bpf_local_storage.c bpf: Allow bpf_local_storage to be used by sleepable programs 2021-12-29 17:54:40 -08:00
bpf_lru_list.c bpf_lru_list: Read double-checked variable once without lock 2021-02-10 15:54:26 -08:00
bpf_lru_list.h bpf: Fix a typo "inacitve" -> "inactive" 2020-04-06 21:54:10 +02:00
bpf_lsm.c bpf: Fix renaming task_getsecid_subj->current_getsecid_subj. 2022-01-24 20:20:51 -08:00
bpf_struct_ops_types.h bpf: Add dummy BPF STRUCT_OPS for test purpose 2021-11-01 14:10:00 -07:00
bpf_struct_ops.c bpf: Rename btf_member accessors. 2021-12-02 11:18:34 -08:00
bpf_task_storage.c bpf: Allow bpf_local_storage to be used by sleepable programs 2021-12-29 17:54:40 -08:00
btf.c bpf: Implement bpf_core_types_are_compat(). 2022-02-04 11:26:26 -08:00
cgroup.c cgroup/bpf: fast path skb BPF filtering 2022-01-27 10:15:00 -08:00
core.c bpf: Fix bpf_prog_pack build for ppc64_defconfig 2022-02-10 18:59:32 -08:00
cpumap.c bpf: generalise tail call map compatibility check 2022-01-21 14:14:03 -08:00
devmap.c bpf: generalise tail call map compatibility check 2022-01-21 14:14:03 -08:00
disasm.c bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
disasm.h bpf: Relicense disassembler as GPL-2.0-only OR BSD-2-Clause 2021-09-02 14:49:23 +02:00
dispatcher.c bpf: Remove bpf_image tree 2020-03-13 12:49:52 -07:00
hashtab.c bpf: Replace callers of BPF_CAST_CALL with proper function typedef 2021-09-28 16:27:18 -07:00
helpers.c bpf: make bpf_copy_from_user_task() gpl only 2022-01-31 12:44:37 -08:00
inode.c bpf: Convert bpf_preload.ko to use light skeleton. 2022-02-10 23:31:51 +01:00
Kconfig bpf: Disallow unprivileged bpf by default 2021-11-01 17:06:47 +01:00
local_storage.c bpf: Use struct_size() helper 2021-12-21 15:35:48 -08:00
lpm_trie.c bpf: Fix typo in a comment in bpf lpm_trie. 2021-12-30 18:42:34 -08:00
Makefile bpf: Prepare relo_core.c for kernel duty. 2021-12-02 11:18:34 -08:00
map_in_map.c bpf: Remember BTF of inner maps. 2021-07-15 22:31:10 +02:00
map_in_map.h bpf: Add map_meta_equal map ops 2020-08-28 15:41:30 +02:00
map_iter.c bpf: Introduce MEM_RDONLY flag 2021-12-18 13:27:41 -08:00
mmap_unlock_work.h bpf: Introduce helper bpf_find_vma 2021-11-07 11:54:51 -08:00
net_namespace.c net: Add includes masked by netdevice.h including uapi/bpf.h 2021-12-29 20:03:05 -08:00
offload.c bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill 2020-02-17 16:53:49 +01:00
percpu_freelist.c bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI 2020-10-06 00:04:11 +02:00
percpu_freelist.h bpf: Use raw_spin_trylock() for pcpu_freelist_push/pop in NMI 2020-10-06 00:04:11 +02:00
prog_iter.c bpf: Refactor bpf_iter_reg to have separate seq_info member 2020-07-25 20:16:32 -07:00
queue_stack_maps.c bpf: Eliminate rlimit-based memory accounting for queue_stack_maps maps 2020-12-02 18:32:46 -08:00
reuseport_array.c bpf: Use struct_size() helper 2021-12-21 15:35:48 -08:00
ringbuf.c bpf: Use VM_MAP instead of VM_ALLOC for ringbuf 2022-02-02 23:15:24 -08:00
stackmap.c bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() 2022-01-15 12:21:23 +11:00
syscall.c bpf: Convert bpf_preload.ko to use light skeleton. 2022-02-10 23:31:51 +01:00
sysfs_btf.c bpf: Load and verify kernel module BTFs 2020-11-10 15:25:53 -08:00
task_iter.c bpf: Introduce btf_tracing_ids 2021-11-12 10:19:09 -08:00
tnum.c bpf, tnums: Provably sound, faster, and more precise algorithm for tnum_mul 2021-06-01 13:34:15 +02:00
trampoline.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-02-09 18:40:56 -08:00
verifier.c bpf: Reject kfunc calls that overflow insn->imm 2022-02-15 10:05:11 -08:00