| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20151204.163753.594151588498690658.davem@davemloft.net> Date: Fri, 04 Dec 2015 16:37:53 -0500 (EST) From: David Miller <davem@...emloft.net> To: alexei.starovoitov@...il.com Cc: dvyukov@...gle.com, ast@...nel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller@...glegroups.com, kcc@...gle.com, glider@...gle.com, sasha.levin@...cle.com, edumazet@...gle.com, ryabinin.a.a@...il.com Subject: Re: bpf: undefined shift in __bpf_prog_run From: Alexei Starovoitov <alexei.starovoitov@...il.com> Date: Fri, 4 Dec 2015 12:35:23 -0800 > On Fri, Dec 04, 2015 at 08:48:57PM +0100, Dmitry Vyukov wrote: >> >> For example, a compiler can assume that result of left shift is larger >> or equal to first operand, which in turn can allow it to elide some >> bounds check in code, which in turn can lead to an exploit. I am not >> saying that this particular pattern is present in the code, what I >> want to say is that such undefined behaviors can lead to very >> unpredictable and unexpected consequences. > > Within bpf it cannot. > shift is not used in any memory or bounds operations. > so reg <<= 1234 cannot be exploited. +1 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists