bpf: check pending signals while verifying programs
Malicious user space may try to force the verifier to use as much cpu
time and memory as possible. Hence check for pending signals
while verifying the program.
Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN,
since the kernel has to release the resources used for program verification.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Alexei Starovoitov authored and borkmann committed Dec 4, 2018
1 parent 025dceb commit c349480
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions kernel/bpf/verifier.c
Expand Up @@ -5148,6 +5148,9 @@ static int do_check(struct bpf_verifier_env *env)
goto process_bpf_exit;
}

if (signal_pending(current))
return -EAGAIN;

if (need_resched())
cond_resched();
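
Review bot: The new `if (signal_pending(current))` check in do_check() has no comment, and it aborts verification on any pending signal, not only a fatal one, so a loader that receives routine signals (a periodic timer, for example) can see `-EAGAIN` from PROG_LOAD on a large program with nothing in the code explaining why. Please add a short comment above the check stating that it bounds the CPU time and memory user space can force the verifier to spend and that user space is expected to retry the load on `-EAGAIN`; the commit message says this, but the source will not. If only kill-type signals need to interrupt verification, `fatal_signal_pending(current)` would avoid failing on benign signals, though it would no longer let an ordinary signal stop a long verification, so the choice deserves a sentence either way. The check also exits with a bare `return -EAGAIN;` from inside the main loop, so it is worth confirming that the caller frees the verifier state accumulated so far on this path the same way it does for the other error returns in this function.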
