| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jun 2014 09:44:31 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Markos Chandras' <markos.chandras@...tec.com>,
"linux-mips@...ux-mips.org" <linux-mips@...ux-mips.org>
CC: "David S. Miller" <davem@...emloft.net>,
Daniel Borkmann <dborkman@...hat.com>,
Alexei Starovoitov <ast@...mgrid.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: RE: [PATCH 14/17] MIPS: bpf: Prevent kernel fall over for >=32bit
shifts
From: Markos Chandras
> Remove BUG_ON() if the shift immediate is >=32 to avoid
> kernel crashes due to malicious user input. Since the micro-assembler
> will not allow an immediate greater or equal to 32, we will use the
> maximum value which is 31. This will do the correct thing on either 32-
> or 64-bit cores since no 64-bit instructions are being used in JIT.
I'm not sure that bounding the shift to 31 bits 'is the correct thing'.
I'd have thought that emulating the large shift or masking the shift
to 5 bits are equally 'correct'.
...
> {
> /* sa is 5-bits long */
> - BUG_ON(sa >= BIT(5));
> + if (sa >= BIT(5))
> + sa = BIT(5) - 1;
> emit_instr(ctx, sll, dst, src, sa);
...
David
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists