| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <8ee01c195432e4c1ebaa79c20e91525c7af22384.1453405861.git.jpoimboe@redhat.com> Date: Thu, 21 Jan 2016 16:49:35 -0600 From: Josh Poimboeuf <jpoimboe@...hat.com> To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org Cc: linux-kernel@...r.kernel.org, live-patching@...r.kernel.org, Michal Marek <mmarek@...e.cz>, Peter Zijlstra <peterz@...radead.org>, Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...en8.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Andi Kleen <andi@...stfloor.org>, Pedro Alves <palves@...hat.com>, Namhyung Kim <namhyung@...il.com>, Bernd Petrovitsch <bernd@...rovitsch.priv.at>, Chris J Arges <chris.j.arges@...onical.com>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Slaby <jslaby@...e.cz>, Arnaldo Carvalho de Melo <acme@...nel.org>, Alexei Starovoitov <ast@...nel.org>, netdev@...r.kernel.org Subject: [PATCH 31/33] bpf: Add __bpf_prog_run() to stacktool whitelist stacktool reports the following false positive warnings: stacktool: kernel/bpf/core.o: __bpf_prog_run()+0x5c: sibling call from callable instruction with changed frame pointer stacktool: kernel/bpf/core.o: __bpf_prog_run()+0x60: function has unreachable instruction stacktool: kernel/bpf/core.o: __bpf_prog_run()+0x64: function has unreachable instruction [...] It's confused by the following dynamic jump instruction in __bpf_prog_run():: jmp *(%r12,%rax,8) which corresponds to the following line in the C code: goto *jumptable[insn->code]; There's no way for stacktool to deterministically find all possible branch targets for a dynamic jump, so it can't verify this code. In this case the jumps all stay within the function, and there's nothing unusual going on related to the stack, so we can whitelist the function. Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com> Cc: Alexei Starovoitov <ast@...nel.org> Cc: netdev@...r.kernel.org --- kernel/bpf/core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 972d9a8..7108a96 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -27,6 +27,7 @@ #include <linux/random.h> #include <linux/moduleloader.h> #include <linux/bpf.h> +#include <linux/stacktool.h> #include <asm/unaligned.h> @@ -649,6 +650,7 @@ load_byte: WARN_RATELIMIT(1, "unknown opcode %02x\n", insn->code); return 0; } +STACKTOOL_IGNORE_FUNC(__bpf_prog_run); bool bpf_prog_array_compatible(struct bpf_array *array, const struct bpf_prog *fp) -- 2.4.3
Powered by blists - more mailing lists