diff options
author | Alexei Starovoitov <ast@kernel.org> | 2020-01-31 16:03:14 -0800 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2020-02-04 00:06:07 +0100 |
commit | 257af63d7f84f0672aa6a24b5511871f00741f19 (patch) | |
tree | 2f7453642cf117d0550a4af58b15a1ae312d1139 /kernel | |
parent | a525b0881de7742617343f02df4073ddc1571237 (diff) | |
download | linux-257af63d7f84f0672aa6a24b5511871f00741f19.tar.bz2 |
bpf: Fix modifier skipping logic
Fix the way modifiers are skipped while walking pointers. Otherwise second
level dereferences of 'const struct foo *' will be rejected by the verifier.
Fixes: 9e15db66136a ("bpf: Implement accurate raw_tp context access via BTF")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20200201000314.261392-1-ast@kernel.org
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/bpf/btf.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 8c9d8f266bef..805c43b083e9 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -3931,6 +3931,7 @@ again: if (btf_type_is_ptr(mtype)) { const struct btf_type *stype; + u32 id; if (msize != size || off != moff) { bpf_log(log, @@ -3939,12 +3940,9 @@ again: return -EACCES; } - stype = btf_type_by_id(btf_vmlinux, mtype->type); - /* skip modifiers */ - while (btf_type_is_modifier(stype)) - stype = btf_type_by_id(btf_vmlinux, stype->type); + stype = btf_type_skip_modifiers(btf_vmlinux, mtype->type, &id); if (btf_type_is_struct(stype)) { - *next_btf_id = mtype->type; + *next_btf_id = id; return PTR_TO_BTF_ID; } } |