projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e582615) | patch
bpf: fix matching of data/data_end in verifier
authorAlexei Starovoitov <ast@fb.com>
Thu, 16 Jun 2016 01:25:38 +0000 (18:25 -0700)
committerDavid S. Miller <davem@davemloft.net>
Thu, 16 Jun 2016 06:37:54 +0000 (23:37 -0700)
commit19de99f70b87fcc3338da52a89c439b088cbff71
tree43b5ff80043ee9ea62e09fe568502c9d68a188eetree | snapshot (tar.gz zip)
parente582615ad33dbd39623084a02e95567b116e1eeacommit | diff
bpf: fix matching of data/data_end in verifier

The ctx structure passed into bpf programs is different depending on bpf
program type. The verifier incorrectly marked ctx->data and ctx->data_end
access based on ctx offset only. That caused loads in tracing programs
int bpf_prog(struct pt_regs *ctx) { .. ctx->ax .. }
to be incorrectly marked as PTR_TO_PACKET which later caused verifier
to reject the program that was actually valid in tracing context.
Fix this by doing program type specific matching of ctx offsets.

Fixes: 969bf05eb3ce ("bpf: direct packet access")
Reported-by: Sasha Goldshtein <goldshtn@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/bpf.h diff | blob | blame | history
kernel/bpf/verifier.c diff | blob | blame | history
kernel/trace/bpf_trace.c diff | blob | blame | history
net/core/filter.c diff | blob | blame | history