diff options
author | Alexei Starovoitov <ast@fb.com> | 2017-03-24 15:57:33 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-03-24 20:51:28 -0700 |
commit | b1977682a3858b5584ffea7cfb7bd863f68db18d (patch) | |
tree | f255d32b2a4e2b72811b36bbd04b27ef9fd2a947 /init | |
parent | 43a6684519ab0a6c52024b5e25322476cabad893 (diff) | |
download | op-kernel-dev-b1977682a3858b5584ffea7cfb7bd863f68db18d.zip op-kernel-dev-b1977682a3858b5584ffea7cfb7bd863f68db18d.tar.gz |
bpf: improve verifier packet range checks
llvm can optimize the 'if (ptr > data_end)' checks to be in the order
slightly different than the original C code which will confuse verifier.
Like:
if (ptr + 16 > data_end)
return TC_ACT_SHOT;
// may be followed by
if (ptr + 14 > data_end)
return TC_ACT_SHOT;
while llvm can see that 'ptr' is valid for all 16 bytes,
the verifier could not.
Fix verifier logic to account for such case and add a test.
Reported-by: Huapeng Zhou <hzhou@fb.com>
Fixes: 969bf05eb3ce ("bpf: direct packet access")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'init')
0 files changed, 0 insertions, 0 deletions