From: Arnd Bergmann <arnd@arndb.de>
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>
Cc: Arnd Bergmann <arnd@arndb.de>,
"David S. Miller" <davem@davemloft.net>,
Edward Cree <ecree@solarflare.com>,
John Fastabend <john.fastabend@gmail.com>,
Jakub Kicinski <jakub.kicinski@netronome.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] [net-next] bpf: fix out-of-bounds access warning in bpf_check
Date: Thu, 2 Nov 2017 12:05:52 +0100 [thread overview]
Message-ID: <20171102110558.2746221-2-arnd@arndb.de> (raw)
In-Reply-To: <20171102110558.2746221-1-arnd@arndb.de>
The bpf_verifer_ops array is generated dynamically and may be
empty depending on configuration, which then causes an out
of bounds access:
kernel/bpf/verifier.c: In function 'bpf_check':
kernel/bpf/verifier.c:4320:29: error: array subscript is above array bounds [-Werror=array-bounds]
This adds a check to the start of the function as a workaround.
I would assume that the function is never called in that configuration,
so the warning is probably harmless.
Fixes: 00176a34d9e2 ("bpf: remove the verifier ops from program structure")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
Since there hasn't been a linux-next release in two weeks, I'm not
entirely sure this is still needed, but from looking of the net-next
contents it seems it is. I did not check any other trees that might
have a fix already.
---
kernel/bpf/verifier.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 750aff880ecb..debb60ad08ee 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4447,6 +4447,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
struct bpf_verifer_log *log;
int ret = -EINVAL;
+ /* no program is valid */
+ if (ARRAY_SIZE(bpf_verifier_ops) == 0)
+ return -EINVAL;
+
/* 'struct bpf_verifier_env' can be global, but since it's not small,
* allocate/free it every time bpf_check() is called
*/
--
2.9.0
next prev parent reply other threads:[~2017-11-02 11:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-02 11:05 [PATCH 1/2] [net-next] bpf: fix link error without CONFIG_NET Arnd Bergmann
2017-11-02 11:05 ` Arnd Bergmann [this message]
2017-11-02 15:59 ` [PATCH 2/2] [net-next] bpf: fix out-of-bounds access warning in bpf_check Alexei Starovoitov
2017-11-02 16:14 ` Arnd Bergmann
2017-11-02 17:58 ` Jakub Kicinski
2017-11-02 18:47 ` Alexei Starovoitov
2017-11-02 22:35 ` Daniel Borkmann
2017-11-03 5:20 ` David Miller
2017-11-02 17:55 ` [PATCH 1/2] [net-next] bpf: fix link error without CONFIG_NET Jakub Kicinski
2017-11-02 18:48 ` Alexei Starovoitov
2017-11-02 22:32 ` Daniel Borkmann
2017-11-03 5:20 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171102110558.2746221-2-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=ecree@solarflare.com \
--cc=jakub.kicinski@netronome.com \
--cc=john.fastabend@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).