lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220823215804.2177-1-kuniyu@amazon.com> Date: Tue, 23 Aug 2022 14:58:04 -0700 From: Kuniyuki Iwashima <kuniyu@...zon.com> To: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org> CC: Kuniyuki Iwashima <kuniyu@...zon.com>, Kuniyuki Iwashima <kuni1840@...il.com>, <bpf@...r.kernel.org>, <netdev@...r.kernel.org> Subject: [PATCH v3 bpf] bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit is long, so we need to add a paired READ_ONCE() to avoid load-tearing. Fixes: ede95a63b5e8 ("bpf: add bpf_jit_limit knob to restrict unpriv allocations") Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com> --- v3: * Update changelog to clarify paired WRITE_ONCE() and motivation as load-tearing. v2: https://lore.kernel.org/netdev/20220823181247.90349-1-kuniyu@amazon.com/ * Drop other 3 patches (No change for this patch) v1: https://lore.kernel.org/bpf/20220818042339.82992-1-kuniyu@amazon.com/ --- kernel/bpf/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index c1e10d088dbb..3d9eb3ae334c 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -971,7 +971,7 @@ pure_initcall(bpf_jit_charge_init); int bpf_jit_charge_modmem(u32 size) { - if (atomic_long_add_return(size, &bpf_jit_current) > bpf_jit_limit) { + if (atomic_long_add_return(size, &bpf_jit_current) > READ_ONCE(bpf_jit_limit)) { if (!bpf_capable()) { atomic_long_sub(size, &bpf_jit_current); return -EPERM; -- 2.30.2
Powered by blists - more mailing lists