author: Hou Tao <houtao1@huawei.com> 2022-02-15 14:57:32 +0800
committer: Alexei Starovoitov <ast@kernel.org> 2022-02-15 10:05:11 -0800
commit: 8cbf062a250ed52148badf6f3ffd03657dd4a3f0 (patch)
tree: b34a52c2bdad8b49f7de4ae951d6f56271f17407 /tools/lib/bpf
parent: d2b94f33e43727c17ed2816c1bfa10e6bc4f4be3 (diff)
bpf: Reject kfunc calls that overflow insn->imm
Now kfunc call uses s32 to represent the offset between the address of kfunc and __bpf_call_base, but it doesn't check whether or not s32 will be overflowed. The overflow is possible when kfunc is in module and the offset between module and kernel is greater than 2GB. Take arm64 as an example, before commit b2eed9b58811 ("arm64/kernel: kaslr: reduce module randomization range to 2 GB"), the offset between module symbol and __bpf_call_base will be in 4GB range due to KASLR and may overflow s32.

So add an extra check to reject these invalid kfunc calls.

Signed-off-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20220215065732.3179408-1-houtao1@huawei.com
Diffstat (limited to 'tools/lib/bpf')
0 files changed, 0 insertions, 0 deletions
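
The overflow the commit message describes, as an added user-space C illustration that is not the kernel patch itself: it shows where a call lands when a kfunc offset is truncated to 32 bits, next to an encoder that rejects the offset instead. The addresses, `CALL_BASE` and all function names are constructed for this example, and `int32_t` stands in for the kernel's `s32`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 64-bit addresses; real values depend on KASLR and the architecture. */
#define CALL_BASE  UINT64_C(0xffff800010000000) /* stands in for __bpf_call_base */
#define KFUNC_NEAR UINT64_C(0xffff800010a00000) /* built-in kfunc, 10 MiB above the base */
#define KFUNC_FAR  UINT64_C(0xffff800120000000) /* module kfunc, more than 4 GiB above */

/* Unchecked encoding: the 64-bit offset is silently truncated to 32 bits. */
static int32_t encode_imm_unchecked(uint64_t kfunc, uint64_t base)
{
    return (int32_t)(uint32_t)(kfunc - base);
}

/* Checked encoding: refuse any offset that does not fit in a signed 32-bit field. */
static int encode_imm_checked(uint64_t kfunc, uint64_t base, int32_t *imm)
{
    int64_t off = (int64_t)(kfunc - base);

    if (off < INT32_MIN || off > INT32_MAX)
        return -EINVAL; /* error code chosen for this example */
    *imm = (int32_t)off;
    return 0;
}

/* What a call site computes: the base plus the sign-extended immediate. */
static uint64_t call_target(uint64_t base, int32_t imm)
{
    return base + (uint64_t)(int64_t)imm;
}

int main(void)
{
    int32_t imm = 0;
    int32_t bad = encode_imm_unchecked(KFUNC_FAR, CALL_BASE);

    printf("near: rc=%d\n", encode_imm_checked(KFUNC_NEAR, CALL_BASE, &imm));
    printf("far:  rc=%d\n", encode_imm_checked(KFUNC_FAR, CALL_BASE, &imm));
    printf("unchecked far call lands at 0x%llx, wanted 0x%llx\n",
           (unsigned long long)call_target(CALL_BASE, bad),
           (unsigned long long)KFUNC_FAR);
    return 0;
}
```

With the unchecked encoder the far call resolves to an address exactly 4 GiB below the intended kfunc, which is why the offset has to be rejected rather than stored.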