lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Sep 2021 07:59:56 -0400 From: Sasha Levin <sashal@...nel.org> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org Cc: Johan Almbladh <johan.almbladh@...finetworks.com>, Andrii Nakryiko <andrii@...nel.org>, Yonghong Song <yhs@...com>, Sasha Levin <sashal@...nel.org>, netdev@...r.kernel.org, bpf@...r.kernel.org Subject: [PATCH AUTOSEL 4.9 29/48] bpf: Fix off-by-one in tail call count limiting From: Johan Almbladh <johan.almbladh@...finetworks.com> [ Upstream commit b61a28cf11d61f512172e673b8f8c4a6c789b425 ] Before, the interpreter allowed up to MAX_TAIL_CALL_CNT + 1 tail calls. Now precisely MAX_TAIL_CALL_CNT is allowed, which is in line with the behavior of the x86 JITs. Signed-off-by: Johan Almbladh <johan.almbladh@...finetworks.com> Signed-off-by: Andrii Nakryiko <andrii@...nel.org> Acked-by: Yonghong Song <yhs@...com> Link: https://lore.kernel.org/bpf/20210728164741.350370-1-johan.almbladh@anyfinetworks.com Signed-off-by: Sasha Levin <sashal@...nel.org> --- kernel/bpf/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index df2ebce927ec..3e1d03512a4f 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -774,7 +774,7 @@ static unsigned int __bpf_prog_run(void *ctx, const struct bpf_insn *insn) if (unlikely(index >= array->map.max_entries)) goto out; - if (unlikely(tail_call_cnt > MAX_TAIL_CALL_CNT)) + if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT)) goto out; tail_call_cnt++; -- 2.30.2
Powered by blists - more mailing lists