| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Oct 2019 21:39:31 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: edumazet@...gle.com
Cc: ast@...nel.org, daniel@...earbox.net, netdev@...r.kernel.org,
eric.dumazet@...il.com, bpf@...r.kernel.org,
naveen.n.rao@...ux.ibm.com, sandipan@...ux.ibm.com,
benh@...nel.crashing.org, paulus@...ba.org, mpe@...erman.id.au,
kafai@...com, songliubraving@...com, yhs@...com
Subject: Re: [PATCH net] powerpc/bpf: fix tail call implementation
From: Eric Dumazet <edumazet@...gle.com>
Date: Thu, 31 Oct 2019 20:34:44 -0700
> We have seen many crashes on powerpc hosts while loading bpf programs.
>
> The problem here is that bpf_int_jit_compile() does a first pass
> to compute the program length.
>
> Then it allocates memory to store the generated program and
> calls bpf_jit_build_body() a second time (and a third time
> later)
>
> What I have observed is that the second bpf_jit_build_body()
> could end up using few more words than expected.
>
> If bpf_jit_binary_alloc() put the space for the program
> at the end of the allocated page, we then write on
> a non mapped memory.
>
> It appears that bpf_jit_emit_tail_call() calls
> bpf_jit_emit_common_epilogue() while ctx->seen might not
> be stable.
>
> Only after the second pass we can be sure ctx->seen wont be changed.
>
> Trying to avoid a second pass seems quite complex and probably
> not worth it.
>
> Fixes: ce0761419faef ("powerpc/bpf: Implement support for tail calls")
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
I am anticipating this will go via the bpf tree.
Powered by blists - more mailing lists