Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run

From: Alexei Starovoitov
Date: Thu Jun 10 2021 - 13:54:08 EST

Next message: Sasha Levin: "Re: [PATCH AUTOSEL 5.12 03/43] spi: Fix spi device unregister flow"
Previous message: Vladimir Oltean: "Re: [PATCH][next] net: dsa: sja1105: Fix assigned yet unused return code rc"
In reply to: Kees Cook: "Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Next in thread: Eric Biggers: "Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 10, 2021 at 10:06 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> > > I guess the main question: what should happen if a bpf program writer
> > > does _not_ use compiler nor check_shl_overflow()?
>
> I think the BPF runtime needs to make such actions defined, instead of
> doing a blind shift. It needs to check the size of the shift explicitly
> when handling the shift instruction.

Such ideas were brought up in the past and rejected.
We're not going to sacrifice performance to make behavior a bit more
'defined'. CPUs are doing it deterministically. It's the C standard
that needs fixing.

> Sure, but the point of UBSAN is to find and alert about undefined
> behavior, so we still need to fix this.

No. The undefined behavior of C standard doesn't need "fixing" most of the time.

Next message: Sasha Levin: "Re: [PATCH AUTOSEL 5.12 03/43] spi: Fix spi device unregister flow"
Previous message: Vladimir Oltean: "Re: [PATCH][next] net: dsa: sja1105: Fix assigned yet unused return code rc"
In reply to: Kees Cook: "Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Next in thread: Eric Biggers: "Re: [PATCH v4] bpf: core: fix shift-out-of-bounds in ___bpf_prog_run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]