lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 26 Mar 2019 13:07:15 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Paul Chaignon <paul.chaignon@...nge.com>
Cc:     Yonghong Song <yhs@...com>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, Jakub Kicinski <jakub.kicinski@...ronome.com>,
        xiao.han@...nge.com, paul.chaignon@...il.com,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>
Subject: Re: [PATCH bpf-next 0/2] bpf: remove incorrect 'verifier bug' warning

On Thu, Mar 21, 2019 at 10:33:06AM +0100, Paul Chaignon wrote:
> On Wed, Mar 20, 2019 at 11:31PM, Yonghong Song wrote:
> > On 3/20/19 5:57 AM, Paul Chaignon wrote:
> > > The BPF verifier checks the maximum number of call stack frames twice,
> > > first in the main CFG traversal (do_check) and then in a subsequent
> > > traversal (check_max_stack_depth).  If the second check fails, it logs a
> > > 'verifier bug' warning and errors out, as the number of call stack frames
> > > should have been verified already.
> > > 
> > > However, the second check may fail without indicating a verifier bug: if
> > > the excessive function calls reside in dead code, the main CFG traversal
> > > may not visit them; the subsequent traversal visits all instructions,
> > > including dead code.
> > > 
> > > This case raises the question of how invalid dead code should be treated.
> > 
> > Maybe we should do this check after dead code elimination to be 
> > consistent with do_check? There could some other kinds of illegal stuff
> 
> To be clear, are you suggesting we run check_max_stack_depth after the
> dead code elimination?  That would indeed solve this issue, but Jakub made
> the exact reverse change not so long ago, in 9b38c40 ("bpf: verifier:
> reorder stack size check with dead code sanitization").  I think the idea
> was to avoid having code modifications in between code checks.

I think it's fine fix as it is.
I've applied it to bpf tree, since the verifier shouldn't be warning like this.

As far as changing the order back I think it's good to keep 'too many frames'
check before dead code elimination.
'too many frames' is similar to 'too many instructions'.
The verifier rejects large programs before removing dead code.
So in that sense it's similar.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ