[PATCH net-next 3/7] ebpf: check first for MAXINSNS in bpf_prog_load

[RFC PATCH net-next 0/7] eBPF support for cls_bpf · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
[PATCH net-next 1/7] ebpf: remove kernel test stubs · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
Re: [PATCH net-next 1/7] ebpf: remove kernel test stubs · Alexei Starovoitov <hidden> · 2015-02-11
[PATCH net-next 2/7] ebpf: constify various function pointer structs · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
Re: [PATCH net-next 2/7] ebpf: constify various function pointer structs · Alexei Starovoitov <hidden> · 2015-02-11
[PATCH net-next 3/7] ebpf: check first for MAXINSNS in bpf_prog_load · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
Re: [PATCH net-next 3/7] ebpf: check first for MAXINSNS in bpf_prog_load · Alexei Starovoitov <hidden> · 2015-02-11
Re: [PATCH net-next 3/7] ebpf: check first for MAXINSNS in bpf_prog_load · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-12
[PATCH net-next 4/7] ebpf: extend program type/subsystem registration · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
[PATCH net-next 5/7] ebpf: export BPF_PSEUDO_MAP_FD to uapi · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
Re: [PATCH net-next 5/7] ebpf: export BPF_PSEUDO_MAP_FD to uapi · Alexei Starovoitov <hidden> · 2015-02-11
[PATCH net-next 6/7] ebpf: remove CONFIG_BPF_SYSCALL ifdefs in socket filter code · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11
[PATCH net-next 7/7] cls_bpf: add initial eBPF support for programmable classifiers · Daniel Borkmann <daniel@iogearbox.net> · 2015-02-11

STALE4129d

Revisions (2)

2015-02-11 rfc current
2015-02-27 v1 [diff vs current]

From: Daniel Borkmann <daniel@iogearbox.net>
Date: 2015-02-11 00:15:34
Subsystem: bpf [core], bpf [general] (safe dynamic programs and tools), the rest · Maintainers: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Eduard Zingerman, Kumar Kartikeya Dwivedi, Linus Torvalds

Just minor ... before doing all the copying work, we may want
to check for instruction count earlier. Also, we may want to
warn the user in case we would otherwise need to truncate the
license information.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
 kernel/bpf/syscall.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 536edc2..73b105c 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c

@@ -473,25 +473,26 @@ static int bpf_prog_load(union bpf_attr *attr)
 {
 	enum bpf_prog_type type = attr->prog_type;
 	struct bpf_prog *prog;
-	int err;
 	char license[128];
 	bool is_gpl;
+	int err;
 
 	if (CHECK_ATTR(BPF_PROG_LOAD))
 		return -EINVAL;
+	if (attr->insn_cnt >= BPF_MAXINSNS)
+		return -EINVAL;
 
 	/* copy eBPF program license from user space */
-	if (strncpy_from_user(license, u64_to_ptr(attr->license),
-			      sizeof(license) - 1) < 0)
-		return -EFAULT;
-	license[sizeof(license) - 1] = 0;
+	err = strncpy_from_user(license, u64_to_ptr(attr->license),
+				sizeof(license));
+	if (err == sizeof(license))
+		err = -ERANGE;
+	if (err < 0)
+		return err;
 
 	/* eBPF programs must be GPL compatible to use GPL-ed functions */
 	is_gpl = license_is_gpl_compatible(license);
 
-	if (attr->insn_cnt >= BPF_MAXINSNS)
-		return -EINVAL;
-
 	/* plain bpf_prog allocation */
 	prog = bpf_prog_alloc(bpf_prog_size(attr->insn_cnt), GFP_USER);
 	if (!prog)

-- 
1.9.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help