projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 82a9d62) | patch
bpf/verifier: fix bounds calculation on BPF_RSH
authorDaniel Borkmann <daniel@iogearbox.net>
Fri, 22 Dec 2017 15:23:04 +0000 (16:23 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 25 Dec 2017 13:26:32 +0000 (14:26 +0100)
commit4d54f7df5131d67f653f674003ec5f52c9818b53
treeedbfb5cb93942aa781cd9da58a9ae8f6275752a3tree | snapshot (tar.gz zip)
parent82a9d62f603f0cb5549c4ca554f06e70510b7296commit | diff
bpf/verifier: fix bounds calculation on BPF_RSH

From: Edward Cree <ecree@solarflare.com>

[ Upstream commit 4374f256ce8182019353c0c639bb8d0695b4c941 ]

Incorrect signed bounds were being computed.
If the old upper signed bound was positive and the old lower signed bound was
negative, this could cause the new upper signed bound to be too low,
leading to security issues.

Fixes: b03c9f9fdc37 ("bpf/verifier: track signed and unsigned min/max values")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
[jannh@google.com: changed description to reflect bug impact]
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/bpf/verifier.c diff | blob | blame | history