Commit c3494801 authored by Alexei Starovoitov's avatar Alexei Starovoitov Committed by Daniel Borkmann

bpf: check pending signals while verifying programs

Malicious user space may try to force the verifier to use as much cpu
time and memory as possible. Hence check for pending signals
while verifying the program.
Note that suspend of sys_bpf(PROG_LOAD) syscall will lead to EAGAIN,
since the kernel has to release the resources used for program verification.
Reported-by: default avatarAnatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarEdward Cree <ecree@solarflare.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent 025dceb0
...@@ -5148,6 +5148,9 @@ static int do_check(struct bpf_verifier_env *env) ...@@ -5148,6 +5148,9 @@ static int do_check(struct bpf_verifier_env *env)
goto process_bpf_exit; goto process_bpf_exit;
} }
if (signal_pending(current))
return -EAGAIN;
if (need_resched()) if (need_resched())
cond_resched(); cond_resched();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment