diff options
author | Paul Chaignon <paul.chaignon@orange.com> | 2019-03-20 13:58:27 +0100 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2019-03-26 21:02:16 +0100 |
commit | 927cb78177ae3773d0d27404566a93cb8e88890c (patch) | |
tree | 468b520b36506fade213dc64431cf18cf10c6cc5 /kernel | |
parent | bpf: fix use after free in bpf_evict_inode (diff) | |
download | linux-927cb78177ae3773d0d27404566a93cb8e88890c.tar.xz linux-927cb78177ae3773d0d27404566a93cb8e88890c.zip |
bpf: remove incorrect 'verifier bug' warning
The BPF verifier checks the maximum number of call stack frames twice,
first in the main CFG traversal (do_check) and then in a subsequent
traversal (check_max_stack_depth). If the second check fails, it logs a
'verifier bug' warning and errors out, as the number of call stack frames
should have been verified already.
However, the second check may fail without indicating a verifier bug: if
the excessive function calls reside in dead code, the main CFG traversal
may not visit them; the subsequent traversal visits all instructions,
including dead code.
This case raises the question of how invalid dead code should be treated.
This patch implements the conservative option and rejects such code.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com>
Tested-by: Xiao Han <xiao.han@orange.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/bpf/verifier.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index fd502c1f71eb..6c5a41f7f338 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -1897,8 +1897,9 @@ continue_func: } frame++; if (frame >= MAX_CALL_FRAMES) { - WARN_ONCE(1, "verifier bug. Call stack is too deep\n"); - return -EFAULT; + verbose(env, "the call stack of %d frames is too deep !\n", + frame); + return -E2BIG; } goto process_func; } |