From: Dave Hansen <dave.hansen@intel.com>
To: speck@linutronix.de
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Subject: [MODERATED] [PATCH 3/5] SSB extra v2 3
Date: Mon, 7 May 2018 16:18:44 -0700 [thread overview]
Message-ID: <=?utf-8?q?=3C15a559407274841456857d4b9c732c68aac52537=2E152573?= =?utf-8?q?4796=2Egit=2Edave=2Ehansen=40intel=2Ecom=3E?=> (raw)
In-Reply-To: <cover.1525734796.git.dave.hansen@intel.com>
In-Reply-To: <cover.1525734796.git.dave.hansen@intel.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
When calling other programs, assume that those programs are not
trusted and mark the current program as needing mitigation.
This situation can obviously be improved by checking the calling
program to see if it needs mitigation. That step is left as an
exercise to the reader (the folks who have actually looked at
the BPF code for more than two days in their life).
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
---
kernel/bpf/verifier.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 5dd1dcb..ee454b6 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5481,6 +5481,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
* the program array.
*/
prog->cb_access = 1;
+ prog->need_mitigation = 1;
+
env->prog->aux->stack_depth = MAX_BPF_STACK;
/* mark bpf_tail_call as different opcode to avoid
--
2.9.5
next prev parent reply other threads:[~2018-05-07 23:24 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-07 23:18 [MODERATED] [PATCH 0/5] SSB extra v2 0 Dave Hansen
2018-05-07 23:18 ` [MODERATED] [PATCH 1/5] SSB extra v2 1 Dave Hansen
2018-05-07 23:18 ` [MODERATED] [PATCH 2/5] SSB extra v2 2 Dave Hansen
2018-05-07 23:18 ` Dave Hansen [this message]
2018-05-07 23:18 ` [MODERATED] [PATCH 4/5] SSB extra v2 4 Dave Hansen
2018-05-07 23:18 ` [MODERATED] [PATCH 5/5] SSB extra v2 5 Dave Hansen
2018-05-08 0:36 ` [MODERATED] " Andi Kleen
2018-05-08 0:46 ` Dave Hansen
2018-05-09 15:36 ` Thomas Gleixner
2018-05-09 15:43 ` [MODERATED] " Dave Hansen
2018-05-09 15:55 ` Greg KH
2018-05-09 16:03 ` Dave Hansen
2018-05-09 16:05 ` Jiri Kosina
2018-05-09 16:36 ` Dave Hansen
2018-05-16 15:23 ` Jon Masters
2018-05-09 21:04 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='=?utf-8?q?=3C15a559407274841456857d4b9c732c68aac52537=2E152573?= =?utf-8?q?4796=2Egit=2Edave=2Ehansen=40intel=2Ecom=3E?=' \
--to=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.