summaryrefslogtreecommitdiffstats
path: root/kernel/bpf
diff options
context:
space:
mode:
authorDaniel Borkmann <daniel@iogearbox.net>2017-06-11 00:50:43 +0200
committerDavid S. Miller <davem@davemloft.net>2017-06-11 01:05:45 +0200
commit36e24c003091a11ec847291c9a1d36d2ec92b155 (patch)
treef9fa3bc275aeb97f131a5e0ed1a3207f8d69565f /kernel/bpf
parentbpf: reset id on CONST_IMM transition (diff)
downloadlinux-36e24c003091a11ec847291c9a1d36d2ec92b155.tar.xz
linux-36e24c003091a11ec847291c9a1d36d2ec92b155.zip
bpf: reset id on spilled regs in clear_all_pkt_pointers
Right now, we don't reset the id of spilled registers in case of clear_all_pkt_pointers(). Given pkt_pointers are highly likely to contain an id, do so by reusing __mark_reg_unknown_value(). Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/bpf')
-rw-r--r--kernel/bpf/verifier.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d195d825515a..519a6144d3d3 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1346,8 +1346,8 @@ static void clear_all_pkt_pointers(struct bpf_verifier_env *env)
if (reg->type != PTR_TO_PACKET &&
reg->type != PTR_TO_PACKET_END)
continue;
- reg->type = UNKNOWN_VALUE;
- reg->imm = 0;
+ __mark_reg_unknown_value(state->spilled_regs,
+ i / BPF_REG_SIZE);
}
}