Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says: ==================== pull-request: bpf 2020-05-29 The following pull-request contains BPF updates for your *net* tree. We've added 6 non-merge commits during the last 7 day(s) which contain a total of 4 files changed, 55 insertions(+), 34 deletions(-). The main changes are: 1) minor verifier fix for fmod_ret progs, from Alexei. 2) af_xdp overflow check, from Bjorn. 3) minor verifier fix for 32bit assignment, from John. 4) powerpc has non-overlapping addr space, from Petr. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -1168,14 +1168,14 @@ static void __reg_assign_32_into_64(struct bpf_reg_state *reg)
|
||||
* but must be positive otherwise set to worse case bounds
|
||||
* and refine later from tnum.
|
||||
*/
|
||||
if (reg->s32_min_value > 0)
|
||||
reg->smin_value = reg->s32_min_value;
|
||||
else
|
||||
reg->smin_value = 0;
|
||||
if (reg->s32_max_value > 0)
|
||||
if (reg->s32_min_value >= 0 && reg->s32_max_value >= 0)
|
||||
reg->smax_value = reg->s32_max_value;
|
||||
else
|
||||
reg->smax_value = U32_MAX;
|
||||
if (reg->s32_min_value >= 0)
|
||||
reg->smin_value = reg->s32_min_value;
|
||||
else
|
||||
reg->smin_value = 0;
|
||||
}
|
||||
|
||||
static void __reg_combine_32_into_64(struct bpf_reg_state *reg)
|
||||
@@ -10428,22 +10428,13 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env)
|
||||
}
|
||||
#define SECURITY_PREFIX "security_"
|
||||
|
||||
static int check_attach_modify_return(struct bpf_verifier_env *env)
|
||||
static int check_attach_modify_return(struct bpf_prog *prog, unsigned long addr)
|
||||
{
|
||||
struct bpf_prog *prog = env->prog;
|
||||
unsigned long addr = (unsigned long) prog->aux->trampoline->func.addr;
|
||||
|
||||
/* This is expected to be cleaned up in the future with the KRSI effort
|
||||
* introducing the LSM_HOOK macro for cleaning up lsm_hooks.h.
|
||||
*/
|
||||
if (within_error_injection_list(addr) ||
|
||||
!strncmp(SECURITY_PREFIX, prog->aux->attach_func_name,
|
||||
sizeof(SECURITY_PREFIX) - 1))
|
||||
return 0;
|
||||
|
||||
verbose(env, "fmod_ret attach_btf_id %u (%s) is not modifiable\n",
|
||||
prog->aux->attach_btf_id, prog->aux->attach_func_name);
|
||||
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@@ -10654,11 +10645,18 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
if (prog->expected_attach_type == BPF_MODIFY_RETURN) {
|
||||
ret = check_attach_modify_return(prog, addr);
|
||||
if (ret)
|
||||
verbose(env, "%s() is not modifiable\n",
|
||||
prog->aux->attach_func_name);
|
||||
}
|
||||
|
||||
if (ret)
|
||||
goto out;
|
||||
tr->func.addr = (void *)addr;
|
||||
prog->aux->trampoline = tr;
|
||||
|
||||
if (prog->expected_attach_type == BPF_MODIFY_RETURN)
|
||||
ret = check_attach_modify_return(env);
|
||||
out:
|
||||
mutex_unlock(&tr->mutex);
|
||||
if (ret)
|
||||
|
||||
Reference in New Issue
Block a user