tech-kern archive


Re: Too many PMC implementations



On 26.08.2018 02:40, Kamil Rytarowski wrote:
> On 25.08.2018 21:32, David Holland wrote:
>>  > 2. There is no bpf_validate for Lua bytecode. In fact, the Lua team abandoned
>>  >    the idea of bytecode validation a few years ago. From the Lua 5.3 manual:
>>  > 
>>  >    Lua does not check the consistency of binary chunks. Maliciously
>>  >    crafted binary chunks can crash the interpreter.
>>
>> Are we talking about installing untrusted/unprivileged kernel trace
>> logic? Because that seems like a bad idea, or at least a very hard
>> thing to get right... and if not, it doesn't matter if there's a
>> validator.
>>
>> (Also, isn't EBPF not really validatable either, or am I mixing it
>> up with something else?)
>>
> 
> For the record, eBPF has at least two stages of validation:
>  - CFG analysis to find infinite loops that would deadlock,
>  - a simulator that tries to verify whether code paths are meaningful.
> 
> eBPF tries to prevent uninitialized memory read and read-only variable
> write.
> 
> Additionally, eBPF can restrict pointer arithmetic.
> 
> But right, it's much easier to restrict loading any code into the kernel
> to a privileged user.
> 

We do not allow loading Lua bytecode by default. This means that the
verification is done by the compiler and it's difficult to crash the
interpreter by accident.

$ sysctl -d kern.lua.bytecode
kern.lua.bytecode = 0

Attachment: signature.asc
Description: OpenPGP digital signature
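
The first eBPF validation stage named in the quoted message (control-flow analysis that rejects loops), sketched as an added example that is not part of the original thread or of any kernel's code. The instruction encoding, MAX_INSNS, the verdict names and all function names are assumptions made for illustration; the check is the conservative one that refuses any cycle, out-of-range jump or path without a return.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed toy encoding for illustration; not the real BPF/eBPF format. */
enum op { OP_ALU, OP_JMP, OP_JCOND, OP_RET };
struct insn { enum op op; int off; };   /* off is relative to the next insn */
enum verdict { V_OK, V_BAD_LENGTH, V_OUT_OF_BOUNDS, V_BACK_EDGE, V_NO_RETURN };
#define MAX_INSNS 256                   /* assumed limit, keeps recursion bounded */
enum { WHITE, GREY, BLACK };            /* unvisited, on current path, finished */

/* Depth-first walk over every path; reaching a GREY node means a cycle. */
static enum verdict visit(const struct insn *p, size_t n, size_t pc,
                          unsigned char *color)
{
    enum verdict v = V_OK;
    if (pc >= n) return V_NO_RETURN;            /* execution runs off the end */
    if (color[pc] == GREY) return V_BACK_EDGE;  /* loop: may never terminate */
    if (color[pc] == BLACK) return V_OK;        /* already checked */
    color[pc] = GREY;
    if (p[pc].op == OP_ALU || p[pc].op == OP_JCOND)   /* fall-through edge */
        v = visit(p, n, pc + 1, color);
    if (v == V_OK && (p[pc].op == OP_JMP || p[pc].op == OP_JCOND)) {
        long t = (long)pc + 1 + p[pc].off;            /* jump edge */
        v = (t < 0 || t >= (long)n) ? V_OUT_OF_BOUNDS
                                    : visit(p, n, (size_t)t, color);
    }
    color[pc] = BLACK;
    return v;
}

enum verdict validate(const struct insn *p, size_t n)
{
    unsigned char color[MAX_INSNS] = { WHITE };
    if (n == 0 || n > MAX_INSNS) return V_BAD_LENGTH;
    return visit(p, n, 0, color);
}

/* Constructed sample programs. */
static const struct insn prog_ok[]   = { {OP_JCOND, 1}, {OP_ALU, 0}, {OP_RET, 0} };
static const struct insn prog_loop[] = { {OP_ALU, 0}, {OP_JCOND, -2}, {OP_RET, 0} };
static const struct insn prog_oob[]  = { {OP_JMP, 5}, {OP_RET, 0} };

int main(void)
{
    printf("ok=%d loop=%d oob=%d\n", (int)validate(prog_ok, 3),
           (int)validate(prog_loop, 3), (int)validate(prog_oob, 2));
    return 0;
}
```

A check like this only establishes termination and in-range control flow; the second stage mentioned in the thread (simulating each path to catch uninitialized reads and bad pointer arithmetic) is a separate pass.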


