diff options
| author | David S. Miller <davem@davemloft.net> | 2016-06-15 23:37:55 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-06-15 23:37:55 -0700 |
| commit | 8c08c7325ec36c9d338cedebc4570b567fa9a740 (patch) | |
| tree | 742f85968aea27bc975164e839dbc00312d3184a /net | |
| parent | e582615ad33dbd39623084a02e95567b116e1eea (diff) | |
| parent | ad572d174787daa59e24b8b5c83028c09cdb5ddb (diff) | |
Merge branch 'bpf-fixes'
Alexei Starovoitov says:
====================
bpf fixes
Fixes for two bpf bugs:
1st bug reported by Sasha Goldshtein here:
https://github.com/iovisor/bcc/issues/570
2nd discovered by Daniel Borkmann by manual code analysis.
See patches for details.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/filter.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 68adb5f52110..c4b330c85c02 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2085,7 +2085,8 @@ static bool __is_valid_access(int off, int size, enum bpf_access_type type) } static bool sk_filter_is_valid_access(int off, int size, - enum bpf_access_type type) + enum bpf_access_type type, + enum bpf_reg_type *reg_type) { switch (off) { case offsetof(struct __sk_buff, tc_classid): @@ -2108,7 +2109,8 @@ static bool sk_filter_is_valid_access(int off, int size, } static bool tc_cls_act_is_valid_access(int off, int size, - enum bpf_access_type type) + enum bpf_access_type type, + enum bpf_reg_type *reg_type) { if (type == BPF_WRITE) { switch (off) { @@ -2123,6 +2125,16 @@ static bool tc_cls_act_is_valid_access(int off, int size, return false; } } + + switch (off) { + case offsetof(struct __sk_buff, data): + *reg_type = PTR_TO_PACKET; + break; + case offsetof(struct __sk_buff, data_end): + *reg_type = PTR_TO_PACKET_END; + break; + } + return __is_valid_access(off, size, type); } |