summaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorAlexei Starovoitov <ast@kernel.org>2017-12-18 20:12:00 -0800
committerDaniel Borkmann <daniel@iogearbox.net>2017-12-21 02:15:41 +0100
commitbb7f0f989ca7de1153bd128a40a71709e339fa03 (patch)
tree1667911dc70762b44fac20651cd8e23b73c257cf /tools
parent179d1c5602997fef5a940c6ddcf31212cbfebd14 (diff)
downloadlinux-bb7f0f989ca7de1153bd128a40a71709e339fa03.tar.bz2
bpf: fix integer overflows
There were various issues related to the limited size of integers used in the verifier: - `off + size` overflow in __check_map_access() - `off + reg->off` overflow in check_mem_access() - `off + reg->var_off.value` overflow or 32-bit truncation of `reg->var_off.value` in check_mem_access() - 32-bit truncation in check_stack_boundary() Make sure that any integer math cannot overflow by not allowing pointer math with large values. Also reduce the scope of "scalar op scalar" tracking. Fixes: f1174f77b50c ("bpf/verifier: rework value tracking") Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'tools')
0 files changed, 0 insertions, 0 deletions