{"id":833301,"url":"http://patchwork.ozlabs.org/api/1.2/patches/833301/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/20171102110558.2746221-2-arnd@arndb.de/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20171102110558.2746221-2-arnd@arndb.de>","list_archive_url":null,"date":"2017-11-02T11:05:52","name":"[2/2,net-next] bpf: fix out-of-bounds access warning in bpf_check","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"944f6dc38ac61e0120bfc63d0cd05a044c2ec2ae","submitter":{"id":30,"url":"http://patchwork.ozlabs.org/api/1.2/people/30/?format=json","name":"Arnd Bergmann","email":"arnd@arndb.de"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/20171102110558.2746221-2-arnd@arndb.de/mbox/","series":[{"id":11477,"url":"http://patchwork.ozlabs.org/api/1.2/series/11477/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=11477","date":"2017-11-02T11:05:52","name":"[1/2,net-next] bpf: fix link error without CONFIG_NET","version":1,"mbox":"http://patchwork.ozlabs.org/series/11477/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/833301/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/833301/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3ySMjJ2Pp5z9s9Y\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu,  2 Nov 2017 22:06:44 +1100 (AEDT)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1755565AbdKBLGd (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tThu, 2 Nov 2017 07:06:33 -0400","from mout.kundenserver.de ([212.227.126.134]:62654 \"EHLO\n\tmout.kundenserver.de\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S933207AbdKBLGb (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Thu, 2 Nov 2017 07:06:31 -0400","from wuerfel.lan ([109.193.157.232]) by mrelayeu.kundenserver.de\n\t(mreue001 [212.227.15.129]) with ESMTPA (Nemesis) id\n\t0Lj9jT-1dZUjP12VD-00dWhF; Thu, 02 Nov 2017 12:06:08 +0100"],"From":"Arnd Bergmann <arnd@arndb.de>","To":"Alexei Starovoitov <ast@kernel.org>,\n\tDaniel Borkmann <daniel@iogearbox.net>","Cc":"Arnd Bergmann <arnd@arndb.de>, \"David S. Miller\" <davem@davemloft.net>,\n\tEdward Cree <ecree@solarflare.com>,\n\tJohn Fastabend <john.fastabend@gmail.com>,\n\tJakub Kicinski <jakub.kicinski@netronome.com>,\n\tnetdev@vger.kernel.org, linux-kernel@vger.kernel.org","Subject":"[PATCH 2/2] [net-next] bpf: fix out-of-bounds access warning in\n\tbpf_check","Date":"Thu,  2 Nov 2017 12:05:52 +0100","Message-Id":"<20171102110558.2746221-2-arnd@arndb.de>","X-Mailer":"git-send-email 2.9.0","In-Reply-To":"<20171102110558.2746221-1-arnd@arndb.de>","References":"<20171102110558.2746221-1-arnd@arndb.de>","X-Provags-ID":"V03:K0:Cy6kUwfelhs2OndXjG11KT9FUP/hGSYJOJ0G++sVhKJ5orVLvb1\n\t0e8YwGaRvS+CBHJdoN86QGzV3pEU90SkCViLOkKuIeocZVDtjFhWk3anT5UNhFVDzZGHLxQ\n\tgVdEQOHScGGH2PBZDnaWCLRBYX3vu/qAN4OET2xcq9MXxLXOMMtQcpd08/PJUREHK69MDna\n\ttQUnv1iBrxA3/mEMFHyAA==","X-UI-Out-Filterresults":"notjunk:1; V01:K0:PGC/pb3SDxo=:tBt/45dkh8QWBPb0pW9TZv\n\tnSlxPq66En/hlMFjhtSzYrEKSMJ7eKb1xbqzICRscbuM8kR7x0ITfIb+AuR6capan1t+UTOiA\n\twsQaaL6+qRwGI1AsL8PwzCZY/xmJ2KRB5UGl7Ip3wF58HXvFTcC3vGufbcyYCcAfo/nrXETxS\n\tw0XTcJw6lPk8ciodFNn5VN6osV4qa6Jc/RkJ7Hudr1iEGyIArCy5bs8sje2y4fdzuAuMKcXd4\n\t9ixgdr4y70she+kpnXPlkHIBAL8l4RVmTci1YuSnw2cbvnSv5XqE7GhYBm7Y1VZexh+sRsFkO\n\t9/RVJDP/sgsHp7A+0HgFGreqjXRd9A6TJh1OgeLwheuFDsbDRno1l+xZe5EW4yJ7LHk0v87Si\n\t0u/VsF9nnWXI4MjciCURQcD+Yx/5wUq7fhuNxfGt5Xs4TXe06xyv8Na6gShigQ54Nrl0CgrIz\n\tGsScGTmKg0x6LXOv8qtEJyqr4TkMpa5KFsZjzFMM3VJfOyAacWbGCFUXvD1c4G9z6xSUcCcLH\n\tw7uHfw2p9VzmCFrbpuf+wSejSbayg1AwkQ+K1rUmfyu2ZFW9F4OO6zO4+mATyJmos7boYuF5t\n\tf6up6+2co2ED1aLlOEEnmuqBno608lbXocTXBxkfkVJ9wue3nIv5QS57NGBrnE65X6D2bxD/8\n\t03ocogHgoCurjqPEpUlv4ntUMIWTjVzwW7b1JI3Sf2euZhbvMRdqx4MZ9AyfFp/eQWTE0K87O\n\t2EiHX2TyzXFnzQ7APEaDSgVKYKEAm61DEutPIw==","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"The bpf_verifer_ops array is generated dynamically and may be\nempty depending on configuration, which then causes an out\nof bounds access:\n\nkernel/bpf/verifier.c: In function 'bpf_check':\nkernel/bpf/verifier.c:4320:29: error: array subscript is above array bounds [-Werror=array-bounds]\n\nThis adds a check to the start of the function as a workaround.\nI would assume that the function is never called in that configuration,\nso the warning is probably harmless.\n\nFixes: 00176a34d9e2 (\"bpf: remove the verifier ops from program structure\")\nSigned-off-by: Arnd Bergmann <arnd@arndb.de>\n---\nSince there hasn't been a linux-next release in two weeks, I'm not\nentirely sure this is still needed, but from looking of the net-next\ncontents it seems it is. I did not check any other trees that might\nhave a fix already.\n---\n kernel/bpf/verifier.c | 4 ++++\n 1 file changed, 4 insertions(+)","diff":"diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c\nindex 750aff880ecb..debb60ad08ee 100644\n--- a/kernel/bpf/verifier.c\n+++ b/kernel/bpf/verifier.c\n@@ -4447,6 +4447,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)\n \tstruct bpf_verifer_log *log;\n \tint ret = -EINVAL;\n \n+\t/* no program is valid */\n+\tif (ARRAY_SIZE(bpf_verifier_ops) == 0)\n+\t\treturn -EINVAL;\n+\n \t/* 'struct bpf_verifier_env' can be global, but since it's not small,\n \t * allocate/free it every time bpf_check() is called\n \t */\n","prefixes":["2/2","net-next"]}