diff options
| author | Arnd Bergmann <arnd@arndb.de> | 2017-11-02 12:05:52 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-11-03 14:20:22 +0900 |
| commit | eba0c929d1d0f16c4b03628b7bf8ce363b9e5c9a (patch) | |
| tree | 31b61a4bf69c68a925ffedd626ab3fef0c9b0ba2 /kernel/bpf/verifier.c | |
| parent | 7cce782ef32f5003c18ab8f9f586f2ed5ce2c33e (diff) | |
| download | op-kernel-dev-eba0c929d1d0f16c4b03628b7bf8ce363b9e5c9a.zip op-kernel-dev-eba0c929d1d0f16c4b03628b7bf8ce363b9e5c9a.tar.gz | |
bpf: fix out-of-bounds access warning in bpf_check
The bpf_verifer_ops array is generated dynamically and may be
empty depending on configuration, which then causes an out
of bounds access:
kernel/bpf/verifier.c: In function 'bpf_check':
kernel/bpf/verifier.c:4320:29: error: array subscript is above array bounds [-Werror=array-bounds]
This adds a check to the start of the function as a workaround.
I would assume that the function is never called in that configuration,
so the warning is probably harmless.
Fixes: 00176a34d9e2 ("bpf: remove the verifier ops from program structure")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/bpf/verifier.c')
| -rw-r--r-- | kernel/bpf/verifier.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5f3799d..ab5aa54 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -4474,6 +4474,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr) struct bpf_verifer_log *log; int ret = -EINVAL; + /* no program is valid */ + if (ARRAY_SIZE(bpf_verifier_ops) == 0) + return -EINVAL; + /* 'struct bpf_verifier_env' can be global, but since it's not small, * allocate/free it every time bpf_check() is called */ |
