linux/arch/x86
Piotr Krysiuk 26f55a59dc bpf, x86: Validate computation of branch displacements for x86-32
The branch displacement logic in the BPF JIT compilers for x86 assumes
that, for any generated branch instruction, the distance cannot
increase between optimization passes.

But this assumption can be violated due to how the distances are
computed. Specifically, whenever a backward branch is processed in
do_jit(), the distance is computed by subtracting the positions in the
machine code from different optimization passes. This is because part
of addrs[] is already updated for the current optimization pass, before
the branch instruction is visited.

And so the optimizer can expand blocks of machine code in some cases.

This can confuse the optimizer logic, where it assumes that a fixed
point has been reached for all machine code blocks once the total
program size stops changing. And then the JIT compiler can output
abnormal machine code containing incorrect branch displacements.

To mitigate this issue, we assert that a fixed point is reached while
populating the output image. This rejects any problematic programs.
The issue affects both x86-32 and x86-64. We mitigate separately to
ease backporting.

Signed-off-by: Piotr Krysiuk <piotras@gmail.com>
Reviewed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2021-04-08 16:24:53 +02:00
boot EFI updates collected by Ard Biesheuvel: 2020-12-24 12:40:07 -08:00
configs module: remove EXPORT_UNUSED_SYMBOL* 2021-02-08 12:28:07 +01:00
crypto crypto: aesni - release FPU during skcipher walk API calls 2021-01-22 14:58:04 +11:00
entry x86/sev-es: Introduce ip_within_syscall_gap() helper 2021-03-08 14:22:17 +01:00
events perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT 2021-03-16 21:44:39 +01:00
hyperv iommu/hyperv: setup an IO-APIC IRQ remapping domain for root partition 2021-02-11 08:47:07 +00:00
ia32 x86/ia32_signal: Propagate __user annotation properly 2020-12-11 19:44:31 +01:00
include - Add the arch-specific mapping between physical and logical CPUs to fix 2021-03-21 11:04:20 -07:00
kernel - Add the arch-specific mapping between physical and logical CPUs to fix 2021-03-21 11:04:20 -07:00
kvm KVM: X86: Fix missing local pCPU when executing wbinvd on all dirty pCPUs 2021-03-18 13:55:34 -04:00
lib x86/sev-es: Use __copy_from_user_inatomic() 2021-03-09 12:37:54 +01:00
math-emu treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
mm x86: fix seq_file iteration for pat/memtype.c 2021-02-26 09:41:05 -08:00
net bpf, x86: Validate computation of branch displacements for x86-32 2021-04-08 16:24:53 +02:00
pci Simple Firmware Interface (SFI) support removal for v5.12-rc1 2021-02-24 10:35:29 -08:00
platform module: remove never implemented MODULE_SUPPORTED_DEVICE 2021-03-17 13:16:18 -07:00
power clang-lto for v5.12-rc1 (part2) 2021-02-23 15:13:45 -08:00
purgatory crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
ras treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
realmode x86/head/64: Don't call verify_cpu() on starting APs 2020-09-09 11:33:20 +02:00
tools Modules updates for v5.12 2021-02-23 10:15:33 -08:00
um um: remove process stub VMA 2021-02-12 21:37:38 +01:00
video
xen xen: branch for v5.12-rc3 2021-03-12 11:34:36 -08:00
.gitignore
Kbuild
Kconfig x86, kfence: enable KFENCE for x86 2021-02-26 09:41:02 -08:00
Kconfig.assembler
Kconfig.cpu treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Kconfig.debug x86, libnvdimm/test: Remove COPY_MC_TEST 2020-10-26 18:08:35 +01:00
Makefile clang-lto for v5.12-rc1 (part2) 2021-02-23 15:13:45 -08:00
Makefile_32.cpu
Makefile.um