linux/kernel/bpf
Daniel Borkmann d3bd7413e0 bpf: fix sanitation of alu op with pointer / scalar type from different paths
While 979d63d50c ("bpf: prevent out of bounds speculation on pointer
arithmetic") took care of rejecting alu op on pointer when e.g. pointer
came from two different map values with different map properties such as
value size, Jann reported that a case was not covered yet when a given
alu op is used in both "ptr_reg += reg" and "numeric_reg += reg" from
different branches where we would incorrectly try to sanitize based
on the pointer's limit. Catch this corner case and reject the program
instead.

Fixes: 979d63d50c ("bpf: prevent out of bounds speculation on pointer arithmetic")
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2019-01-05 21:32:38 -08:00
Makefile
arraymap.c
bpf_lru_list.c
bpf_lru_list.h
btf.c bpf: log struct/union attribute for forward type 2018-12-19 00:47:56 +01:00
cgroup.c
core.c bpf: enable access to ax register also from verifier rewrite 2019-01-02 16:01:24 -08:00
cpumap.c bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't 2018-12-20 23:19:12 +01:00
devmap.c
disasm.c
disasm.h
hashtab.c
helpers.c
inode.c
local_storage.c bpf: enable cgroup local storage map pretty print with kind_flag 2018-12-18 01:11:59 +01:00
lpm_trie.c
map_in_map.c
map_in_map.h
offload.c
percpu_freelist.c
percpu_freelist.h
queue_stack_maps.c
reuseport_array.c
stackmap.c
syscall.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
tnum.c
verifier.c bpf: fix sanitation of alu op with pointer / scalar type from different paths 2019-01-05 21:32:38 -08:00
xskmap.c