]> git.baikalelectronics.ru Git - kernel.git/commit
bpf: check pending signals while verifying programs
authorAlexei Starovoitov <ast@kernel.org>
Tue, 4 Dec 2018 06:46:04 +0000 (22:46 -0800)
committerDaniel Borkmann <daniel@iogearbox.net>
Tue, 4 Dec 2018 16:22:02 +0000 (17:22 +0100)
commitf1f8fffd14fe7ce7cae8ca219a527d4854b66cd8
treef3bedbb2deb12948d7765aaac8f4a2e8000fdd73
parent55ae0be2df5c8e79693ddc65389f788aef630053
bpf: check pending signals while verifying programs

Malicious user space may try to force the verifier to use as much cpu
time and memory as possible. Hence check for pending signals
while verifying the program.
Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN,
since the kernel has to release the resources used for program verification.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel/bpf/verifier.c