summaryrefslogtreecommitdiffstats
path: root/net/ipv4/fib_frontend.c
diff options
context:
space:
mode:
authorJosef Bacik <jbacik@fb.com>2016-11-14 21:45:36 +0100
committerDavid S. Miller <davem@davemloft.net>2016-11-16 19:21:45 +0100
commitf23cc643f9baec7f71f2b74692da3cf03abbbfda (patch)
tree7a4064ef679c1a0394386eaf5dc538c47c9007a7 /net/ipv4/fib_frontend.c
parentrtnetlink: fix rtnl message size computation for XDP (diff)
downloadlinux-f23cc643f9baec7f71f2b74692da3cf03abbbfda.tar.xz
linux-f23cc643f9baec7f71f2b74692da3cf03abbbfda.zip
bpf: fix range arithmetic for bpf map access
I made some invalid assumptions with BPF_AND and BPF_MOD that could result in invalid accesses to bpf map entries. Fix this up by doing a few things 1) Kill BPF_MOD support. This doesn't actually get used by the compiler in real life and just adds extra complexity. 2) Fix the logic for BPF_AND, don't allow AND of negative numbers and set the minimum value to 0 for positive AND's. 3) Don't do operations on the ranges if they are set to the limits, as they are by definition undefined, and allowing arithmetic operations on those values could make them appear valid when they really aren't. This fixes the testcase provided by Jann as well as a few other theoretical problems. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Josef Bacik <jbacik@fb.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/fib_frontend.c')
0 files changed, 0 insertions, 0 deletions