lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 2 Apr 2019 13:58:14 +0200
From:   Paul Chaignon <paul.chaignon@...nge.com>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org,
        bpf@...r.kernel.org
Cc:     Xiao Han <xiao.han@...nge.com>, paul.chaignon@...il.com,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>
Subject: [PATCH bpf] bpf: report verifier bugs as warnings

Three checks for verifier bugs were introduced in commit f4d7e40 ("bpf:
introduce function calls (verification)").  The bugs were reported as
incorrect programs instead of kernel warnings as the present patch
implements.

Signed-off-by: Paul Chaignon <paul.chaignon@...nge.com>
---
 kernel/bpf/verifier.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 87221fda1321..12499e72b0d5 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1145,9 +1145,9 @@ static int mark_reg_read(struct bpf_verifier_env *env,
 		if (writes && state->live & REG_LIVE_WRITTEN)
 			break;
 		if (parent->live & REG_LIVE_DONE) {
-			verbose(env, "verifier BUG type %s var_off %lld off %d\n",
-				reg_type_str[parent->type],
-				parent->var_off.value, parent->off);
+			WARN_ONCE(1, "verifier bug type %s var_off %lld off %d\n",
+				  reg_type_str[parent->type],
+				  parent->var_off.value, parent->off);
 			return -EFAULT;
 		}
 		/* ... then we depend on parent's value */
@@ -2888,15 +2888,15 @@ static int check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
 	target_insn = *insn_idx + insn->imm;
 	subprog = find_subprog(env, target_insn + 1);
 	if (subprog < 0) {
-		verbose(env, "verifier bug. No program starts at insn %d\n",
-			target_insn + 1);
+		WARN_ONCE(1, "verifier bug. No program starts at insn %d\n",
+			  target_insn + 1);
 		return -EFAULT;
 	}
 
 	caller = state->frame[state->curframe];
 	if (state->frame[state->curframe + 1]) {
-		verbose(env, "verifier bug. Frame %d already allocated\n",
-			state->curframe + 1);
+		WARN_ONCE(1, "verifier bug. Frame %d already allocated\n",
+			  state->curframe + 1);
 		return -EFAULT;
 	}
 
-- 
2.17.1

Powered by blists - more mailing lists