diff options
author | Daniel Borkmann <daniel@iogearbox.net> | 2018-10-24 22:05:49 +0200 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2018-10-25 17:02:06 -0700 |
commit | b09928b976280d64060d7bee146d7df5c5a29bef (patch) | |
tree | 56255e6f507f2685a1ff991502711cdbe5de20e9 /kernel | |
parent | d3f66e4116aff8dd0d5bd4067295b9ddb5e2c29c (diff) | |
download | linux-b09928b976280d64060d7bee146d7df5c5a29bef.tar.bz2 |
bpf: make direct packet write unclone more robust
Given this seems to be quite fragile and can easily slip through the
cracks, lets make direct packet write more robust by requiring that
future program types which allow for such write must provide a prologue
callback. In case of XDP and sk_msg it's noop, thus add a generic noop
handler there. The latter starts out with NULL data/data_end unconditionally
when sg pages are shared.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/bpf/verifier.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5fc9a658af0e..171a2c88e77d 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5709,7 +5709,11 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) bool is_narrower_load; u32 target_size; - if (ops->gen_prologue) { + if (ops->gen_prologue || env->seen_direct_write) { + if (!ops->gen_prologue) { + verbose(env, "bpf verifier is misconfigured\n"); + return -EINVAL; + } cnt = ops->gen_prologue(insn_buf, env->seen_direct_write, env->prog); if (cnt >= ARRAY_SIZE(insn_buf)) { |