projects / linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d60d4e8) | patch
bpf: improve verifier packet range checks
authorAlexei Starovoitov <ast@fb.com>
Fri, 24 Mar 2017 22:57:33 +0000 (15:57 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 3 May 2017 15:36:35 +0000 (08:36 -0700)
commit0ea3c235779ac1eb132ba15e754995090e18a26b
treed89f14a8384d6225e315ec4595a8f692b7e345f6tree | snapshot
parentd60d4e8c1b73608b6af3bc384e88c062485fd95ecommit | diff
bpf: improve verifier packet range checks

[ Upstream commit b1977682a3858b5584ffea7cfb7bd863f68db18d ]

llvm can optimize the 'if (ptr > data_end)' checks to be in the order
slightly different than the original C code which will confuse verifier.
Like:
if (ptr + 16 > data_end)
  return TC_ACT_SHOT;
// may be followed by
if (ptr + 14 > data_end)
  return TC_ACT_SHOT;
while llvm can see that 'ptr' is valid for all 16 bytes,
the verifier could not.
Fix verifier logic to account for such case and add a test.

Reported-by: Huapeng Zhou <hzhou@fb.com>
Fixes: 969bf05eb3ce ("bpf: direct packet access")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
kernel/bpf/verifier.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.