diff options
| author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-08-02 09:53:19 -0400 |
|---|---|---|
| committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-08-02 09:53:19 -0400 |
| commit | fe06eda9cfa431b199c1b6203d8bbe44e7e47c69 (patch) | |
| tree | 2b181f985a1fc3aaf2f94c2e22fff344dabbc02a | |
| parent | b7274c6e077388435e63e61459bdf8e997515d0d (diff) | |
| download | longterm-queue-4.12-fe06eda9cfa431b199c1b6203d8bbe44e7e47c69.tar.gz | |
bpf: borrow 4.9.x version of backport from stable-queue
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
| -rw-r--r-- | queue/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/queue/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch b/queue/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch index 25178f6..bafa97f 100644 --- a/queue/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch +++ b/queue/bpf-fix-incorrect-sign-extension-in-check_alu_op.patch @@ -1,9 +1,17 @@ -From 95a762e2c8c942780948091f8f2a4f32fce1ac6f Mon Sep 17 00:00:00 2001 +From foo@baz Fri Dec 22 16:57:35 CET 2017 +From: Daniel Borkmann <daniel@iogearbox.net> +Date: Fri, 22 Dec 2017 16:29:05 +0100 +Subject: bpf: fix incorrect sign extension in check_alu_op() +To: gregkh@linuxfoundation.org +Cc: ast@kernel.org, daniel@iogearbox.net, jannh@google.com, stable@vger.kernel.org +Message-ID: <20171222152905.3455-5-daniel@iogearbox.net> + +From: Daniel Borkmann <daniel@iogearbox.net> + + From: Jann Horn <jannh@google.com> -Date: Mon, 18 Dec 2017 20:11:54 -0800 -Subject: [PATCH] bpf: fix incorrect sign extension in check_alu_op() -commit 95a762e2c8c942780948091f8f2a4f32fce1ac6f upstream. +[ Upstream commit 95a762e2c8c942780948091f8f2a4f32fce1ac6f ] Distinguish between BPF_ALU64|BPF_MOV|BPF_K (load 32-bit immediate, sign-extended to 64-bit) @@ -23,26 +31,31 @@ Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Edward Cree <ecree@solarflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +--- + kernel/bpf/verifier.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) -diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c -index 625e358ca765..c086010ae51e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c -@@ -2408,7 +2408,13 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn) +@@ -1790,10 +1790,17 @@ static int check_alu_op(struct bpf_verif + /* case: R = imm * remember the value we stored into this reg */ - regs[insn->dst_reg].type = SCALAR_VALUE; -- __mark_reg_known(regs + insn->dst_reg, insn->imm); -+ if (BPF_CLASS(insn->code) == BPF_ALU64) { -+ __mark_reg_known(regs + insn->dst_reg, -+ insn->imm); -+ } else { -+ __mark_reg_known(regs + insn->dst_reg, -+ (u32)insn->imm); -+ } ++ u64 imm; ++ ++ if (BPF_CLASS(insn->code) == BPF_ALU64) ++ imm = insn->imm; ++ else ++ imm = (u32)insn->imm; ++ + regs[insn->dst_reg].type = CONST_IMM; +- regs[insn->dst_reg].imm = insn->imm; +- regs[insn->dst_reg].max_value = insn->imm; +- regs[insn->dst_reg].min_value = insn->imm; ++ regs[insn->dst_reg].imm = imm; ++ regs[insn->dst_reg].max_value = imm; ++ regs[insn->dst_reg].min_value = imm; } } else if (opcode > BPF_END) { --- -2.15.0 - |