git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Alexei Starovoitov <ast@fb.com>
	Fri, 24 Mar 2017 22:57:33 +0000 (15:57 -0700)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Wed, 17 May 2017 16:38:34 +0000 (13:38 -0300)
commit	ff6caf60e923ca9f6af4ea1aeef38b11690d8fb6
tree	1973c581e382670692c231acbb32a6aa2281ccb9	tree
parent	502b452836d14f918c1c4a2dbc805b1268f1f15d	commit \| diff

bpf: improve verifier packet range checks

BugLink: http://bugs.launchpad.net/bugs/1688499
[ Upstream commit b1977682a3858b5584ffea7cfb7bd863f68db18d ]

llvm can optimize the 'if (ptr > data_end)' checks to be in the order
slightly different than the original C code which will confuse verifier.
Like:
if (ptr + 16 > data_end)
return TC_ACT_SHOT;
// may be followed by
if (ptr + 14 > data_end)
return TC_ACT_SHOT;
while llvm can see that 'ptr' is valid for all 16 bytes,
the verifier could not.
Fix verifier logic to account for such case and add a test.

Reported-by: Huapeng Zhou <hzhou@fb.com>
Fixes: 969bf05eb3ce ("bpf: direct packet access")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

kernel/bpf/verifier.c		diff \| blob \| blame \| history
tools/testing/selftests/bpf/test_verifier.c		diff \| blob \| blame \| history