bpf: reset id on spilled regs in clear_all_pkt_pointers
author Daniel Borkmann <daniel@iogearbox.net>
Sat, 10 Jun 2017 22:50:43 +0000 (00:50 +0200)
committer David S. Miller <davem@davemloft.net>
Sat, 10 Jun 2017 23:05:45 +0000 (19:05 -0400)
Right now, we don't reset the id of spilled registers in case of
clear_all_pkt_pointers(). Given pkt_pointers are highly likely to
contain an id, do so by reusing __mark_reg_unknown_value().

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
kernel/bpf/verifier.c

index d195d825515aac119f5c13637cabe41d3b25a26d..519a6144d3d3a90f3a28b2eddc85adba9943d267 100644 (file)
@@ -1346,8 +1346,8 @@ static void clear_all_pkt_pointers(struct bpf_verifier_env *env)
                if (reg->type != PTR_TO_PACKET &&
                    reg->type != PTR_TO_PACKET_END)
                        continue;
-               reg->type = UNKNOWN_VALUE;
-               reg->imm = 0;
+               __mark_reg_unknown_value(state->spilled_regs,
+                                        i / BPF_REG_SIZE);
        }
 }
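Review bot: the replacement call `__mark_reg_unknown_value(state->spilled_regs, i / BPF_REG_SIZE)` indexes the spill slot by `i / BPF_REG_SIZE` while the two removed lines wrote through `reg`, and the hunk context does not show how `reg` is derived, so the review has to confirm that `reg` is indeed `&state->spilled_regs[i / BPF_REG_SIZE]` (i.e. `i` walks the stack in bytes) or the reset lands on a different slot than the one the `PTR_TO_PACKET` check just passed. Likewise, the commit message's claim that this resets `id` rests entirely on what `__mark_reg_unknown_value()` clears, which is outside this hunk; a one-line comment above the call noting that it also resets `id` (and not just `type` and `imm`, as the old code did) would make the intent visible at the call site.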