linux-stable.git - Linux kernel stable tree

diff options

author	Yafang Shao <laoar.shao@gmail.com>	2023-08-23 02:07:02 +0000
committer	Alexei Starovoitov <ast@kernel.org>	2023-08-23 09:37:29 -0700
commit	d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2 (patch)
tree	42d97e175fd3cd19be6a8fb6c2de96afb9f0646f /tools
parent	29d67fdebc42af6466d1909c60fdd1ef4f3e5240 (diff)
download	linux-stable-d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2.tar.gz linux-stable-d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2.tar.bz2 linux-stable-d75e30dddf73449bc2d10bb8e2f1a2c446bc67a2.zip

bpf: Fix issue in verifying allow_ptr_leaks

After we converted the capabilities of our networking-bpf program from cap_sys_admin to cap_net_admin+cap_bpf, our networking-bpf program failed to start. Because it failed the bpf verifier, and the error log is "R3 pointer comparison prohibited". A simple reproducer as follows, SEC("cls-ingress") int ingress(struct __sk_buff *skb) { struct iphdr *iph = (void *)(long)skb->data + sizeof(struct ethhdr); if ((long)(iph + 1) > (long)skb->data_end) return TC_ACT_STOLEN; return TC_ACT_OK; } Per discussion with Yonghong and Alexei [1], comparison of two packet pointers is not a pointer leak. This patch fixes it. Our local kernel is 6.1.y and we expect this fix to be backported to 6.1.y, so stable is CCed. [1]. https://lore.kernel.org/bpf/CAADnVQ+Nmspr7Si+pxWn8zkE7hX-7s93ugwC+94aXSy4uQ9vBg@mail.gmail.com/ Suggested-by: Yonghong Song <yonghong.song@linux.dev> Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com> Signed-off-by: Yafang Shao <laoar.shao@gmail.com> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230823020703.3790-2-laoar.shao@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Diffstat (limited to 'tools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: