bpf: Fix mask direction swap upon off reg sign change - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Daniel Borkmann <daniel@iogearbox.net>	2021-05-21 10:19:22 +0000
committer	Daniel Borkmann <daniel@iogearbox.net>	2021-05-25 22:08:53 +0200
commit	bb01a1bba579b4b1c5566af24d95f1767859771e (patch)
tree	2a55730fe2493fef3e9067069bed9a5a89bc5ae7 /COPYING
parent	3d0220f6861d713213b015b582e9f21e5b28d2e0 (diff)
download	linux-bb01a1bba579b4b1c5566af24d95f1767859771e.tar.bz2

bpf: Fix mask direction swap upon off reg sign change

Masking direction as indicated via mask_to_left is considered to be calculated once and then used to derive pointer limits. Thus, this needs to be placed into bpf_sanitize_info instead so we can pass it to sanitize_ptr_alu() call after the pointer move. Piotr noticed a corner case where the off reg causes masking direction change which then results in an incorrect final aux->alu_limit. Fixes: 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask") Reported-by: Piotr Krysiuk <piotras@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Piotr Krysiuk <piotras@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org>

Diffstat (limited to 'COPYING')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: