redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/kernel/bpf
History
Jann Horn 10fdfea70d bpf: 32-bit RSH verification must truncate input before the ALU op 
commit b799207e1e upstream.

When I wrote commit 468f6eafa6 ("bpf: fix 32-bit ALU op verification"), I
assumed that, in order to emulate 64-bit arithmetic with 32-bit logic, it
is sufficient to just truncate the output to 32 bits; and so I just moved
the register size coercion that used to be at the start of the function to
the end of the function.

That assumption is true for almost every op, but not for 32-bit right
shifts, because those can propagate information towards the least
significant bit. Fix it by always truncating inputs for 32-bit ops to 32
bits.

Also get rid of the coerce_reg_to_size() after the ALU op, since that has
no effect.

Fixes: 468f6eafa6 ("bpf: fix 32-bit ALU op verification")
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2018-10-10 08:54:22 +02:00
..
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
arraymap.c bpf: add schedule points in percpu arrays management 2018-03-11 16:23:22 +01:00
bpf_lru_list.c bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4 2017-04-17 13:55:52 -04:00
bpf_lru_list.h bpf: Only set node->ref = 1 if it has not been set 2017-09-01 09:57:39 -07:00
cgroup.c bpf: BPF support for sock_ops 2017-07-01 16:15:13 -07:00
core.c kmemcheck: remove annotations 2018-02-22 15:42:23 +01:00
devmap.c bpf: devmap fix arithmetic overflow in bitmap_size calculation 2017-10-22 00:54:09 +01:00
hashtab.c bpf: hash map: decrement counter on error 2018-08-24 13:09:12 +02:00
helpers.c bpf: rename ARG_PTR_TO_STACK 2017-01-09 16:56:27 -05:00
inode.c netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1' 2017-10-09 15:18:04 +02:00
lpm_trie.c bpf: fix rcu lockdep warning for lpm_trie map_free callback 2018-03-11 16:23:21 +01:00
map_in_map.c bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
map_in_map.h bpf: Add syscall lookup support for fd array and htab 2017-06-29 13:13:25 -04:00
percpu_freelist.c bpf: fix lockdep splat 2017-12-14 09:53:11 +01:00
percpu_freelist.h bpf: introduce percpu_freelist 2016-03-08 15:28:31 -05:00
sockmap.c bpf: sockmap: write_space events need to be passed to TCP handler 2018-10-03 17:00:58 -07:00
stackmap.c bpf: Allow selecting numa node during map creation 2017-08-19 21:35:43 -07:00
syscall.c bpf: skip unnecessary capability check 2018-03-28 18:24:50 +02:00
tnum.c bpf/verifier: track signed and unsigned min/max values 2017-08-08 17:51:34 -07:00
verifier.c bpf: 32-bit RSH verification must truncate input before the ALU op 2018-10-10 08:54:22 +02:00