From patchwork Thu Nov 2 11:05:52 2017
X-Patchwork-Submitter: Arnd Bergmann
X-Patchwork-Id: 117773
From: Arnd Bergmann
To: Alexei Starovoitov, Daniel Borkmann
Cc: Arnd Bergmann, "David S. Miller", Edward Cree, John Fastabend, Jakub Kicinski, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] [net-next] bpf: fix out-of-bounds access warning in bpf_check
Date: Thu, 2 Nov 2017 12:05:52 +0100
Message-Id: <20171102110558.2746221-2-arnd@arndb.de>
In-Reply-To: <20171102110558.2746221-1-arnd@arndb.de>
References: <20171102110558.2746221-1-arnd@arndb.de>

The bpf_verifer_ops array is generated dynamically and may be empty
depending on configuration, which then causes an out of bounds access:

kernel/bpf/verifier.c: In function 'bpf_check':
kernel/bpf/verifier.c:4320:29: error: array subscript is above array bounds
[-Werror=array-bounds]

This adds a check to the start of the function as a workaround.
I would assume that the function is never called in that configuration,
so the warning is probably harmless.

Fixes: 00176a34d9e2 ("bpf: remove the verifier ops from program structure")
Signed-off-by: Arnd Bergmann
---
Since there hasn't been a linux-next release in two weeks, I'm not
entirely sure this is still needed, but from looking at the net-next
contents it seems it is. I did not check any other trees that might
have a fix already.
---
 kernel/bpf/verifier.c | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.9.0

Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 750aff880ecb..debb60ad08ee 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4447,6 +4447,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) struct bpf_verifer_log *log; int ret = -EINVAL; + /* no program is valid */ + if (ARRAY_SIZE(bpf_verifier_ops) == 0) + return -EINVAL; + /* 'struct bpf_verifier_env' can be global, but since it's not small, * allocate/free it every time bpf_check() is called */
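
Review bot: the comment `/* no program is valid */` on the added `ARRAY_SIZE(bpf_verifier_ops) == 0` check does not say why the check exists, and a later reader may take it for dead code and remove it. Consider wording it along the lines of "bpf_verifier_ops[] can be empty depending on configuration; no program type can be verified then", so the link to the -Warray-bounds error quoted in the commit message is kept in the source. The guard only covers the empty-array case, and the subscript the compiler points at is outside this hunk, so the commit message would also benefit from one sentence on what bounds that index when the array is not empty.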