Alexei Starovoitov
83b570c004
bpf: Prevent memory disambiguation attack

commit af86ca4e30 upstream.

Detect code patterns where malicious 'speculative store bypass' can be used
and sanitize such patterns.

 39: (bf) r3 = r10
 40: (07) r3 += -216
 41: (79) r8 = *(u64 *)(r7 +0)   // slow read
 42: (7a) *(u64 *)(r10 -72) = 0  // verifier inserts this instruction
 43: (7b) *(u64 *)(r8 +0) = r3   // this store becomes slow due to r8
 44: (79) r1 = *(u64 *)(r6 +0)   // cpu speculatively executes this load
 45: (71) r2 = *(u8 *)(r1 +0)    // speculatively arbitrary 'load byte'
                                 // is now sanitized

Above code after x86 JIT becomes:

 e5: mov %rbp,%rdx
 e8: add $0xffffffffffffff28,%rdx
 ef: mov 0x0(%r13),%r14
 f3: movq $0x0,-0x48(%rbp)
 fb: mov %rdx,0x0(%r14)
 ff: mov 0x0(%rbx),%rdi
103: movzbq 0x0(%rdi),%rsi

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
[bwh: Backported to 4.14:
 - Add bpf_verifier_env parameter to check_stack_write()
 - Look up stack slot_types with state->stack_slot_type[] rather than
   state->stack[].slot_type[]
 - Drop bpf_verifier_env argument to verbose()
 - Adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-05 19:41:10 +01:00