    filter: add a security check at install time · 2d5311e4
    Eric Dumazet authored
    We added some security checks in commit 57fe93b3
    (filter: make sure filters dont read uninitialized memory) to close a
    potential leak of kernel information to user.
    
    This added a potential extra cost at run time, while we can perform a
    check of the filter itself, to make sure a malicious user doesn't try to
    abuse us.
    
    This patch adds a check_loads() function, whose unique purpose is to
    make this check, allocating a temporary array of mask. We scan the
    filter and propagate a bitmask information, telling us if a load M(K) is
    allowed because a previous store M(K) is guaranteed. (So that
    sk_run_filter() can possibly not read uninitialized memory)
    
    Note: this can uncover application bug, denying a filter attach,
    previously allowed.
    Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
    Cc: Dan Rosenberg <drosenberg@vsecurity.com>
    Cc: Changli Gao <xiaosuo@gmail.com>
    Acked-by: Changli Gao <xiaosuo@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
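The install-time scan described in the commit message, modelled in userspace C as an added example; it is not the kernel's check_loads() and not code from this commit. The opcode enum, struct insn, check_loads_model() and sample_bad are hypothetical names, and the model assumes jumps are forward-only and in range and that k < 16 for scratch accesses.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified instruction model, not the kernel's struct sock_filter. */
enum op { OP_ST, OP_LD_MEM, OP_JA, OP_JCOND, OP_OTHER, OP_RET };
struct insn { enum op code; uint8_t jt, jf; uint32_t k; };

/* Constructed sample: M[2] is stored on only one branch, so the load is rejected. */
const struct insn sample_bad[] = {
    {OP_JCOND, 0, 1, 0}, {OP_ST, 0, 0, 2}, {OP_LD_MEM, 0, 0, 2}, {OP_RET, 0, 0, 0} };

/* Returns 0 if every load M[k] follows a store M[k] on all paths, else -1.
 * Assumption: an earlier pass already validated jump targets and k < 16,
 * so one bit per scratch cell fits in a uint16_t. */
int check_loads_model(const struct insn *f, size_t flen)
{
    uint16_t *masks, memvalid = 0;   /* bit k set: M[k] is known to be written */
    int ret = 0;
    size_t pc;

    masks = malloc(flen * sizeof(*masks));
    if (!masks)
        return -1;
    memset(masks, 0xff, flen * sizeof(*masks));  /* no jump constraint yet */

    for (pc = 0; pc < flen && !ret; pc++) {
        memvalid &= masks[pc];       /* intersect with what incoming jumps guarantee */
        switch (f[pc].code) {
        case OP_ST:
            memvalid |= (uint16_t)(1u << f[pc].k);
            break;
        case OP_LD_MEM:
            if (!(memvalid & (1u << f[pc].k)))
                ret = -1;            /* load of a cell not stored on every path */
            break;
        case OP_JA:                  /* unconditional: propagate state to the target */
            masks[pc + 1 + f[pc].k] &= memvalid;
            memvalid = 0xffff;       /* next insn is reached only through jumps */
            break;
        case OP_JCOND:               /* both targets inherit the current state */
            masks[pc + 1 + f[pc].jt] &= memvalid;
            masks[pc + 1 + f[pc].jf] &= memvalid;
            memvalid = 0xffff;
            break;
        default: break;
        }
    }
    free(masks);
    return ret;
}
```

Because the state at a jump target is the intersection of all incoming paths, a filter that stores a cell on only one branch is refused, which is the "denying a filter attach, previously allowed" case the note mentions.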