diff options
| author | David S. Miller <davem@davemloft.net> | 2018-09-16 17:47:03 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-09-16 17:47:03 -0700 |
| commit | 0376d5dce0aa174e5e4cd8b8644a9ea40b9657f9 (patch) | |
| tree | 34f587fc2cf619a587e323c52b53338f97636439 | |
| parent | 4bf9ffa0fb5744ed40d7348c24fa9ae398b1d603 (diff) | |
| parent | 4c3d795cb012a378855543a775408fba1ccff6f2 (diff) | |
| download | powerpc-0376d5dce0aa174e5e4cd8b8644a9ea40b9657f9.tar.gz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says:
====================
pull-request: bpf 2018-09-16
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix end boundary calculation in BTF for the type section, from Martin.
2) Fix and revert subtraction of pointers that was accidentally allowed
for unprivileged programs, from Alexei.
3) Fix bpf_msg_pull_data() helper by using __GFP_COMP in order to avoid
a warning in linearizing sg pages into a single one for large allocs,
from Tushar.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | kernel/bpf/btf.c | 2 | ||||
| -rw-r--r-- | kernel/bpf/verifier.c | 2 | ||||
| -rw-r--r-- | net/core/filter.c | 3 |
3 files changed, 4 insertions, 3 deletions
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 2590700237c13c..138f0302692ec4 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -1844,7 +1844,7 @@ static int btf_check_all_metas(struct btf_verifier_env *env) hdr = &btf->hdr; cur = btf->nohdr_data + hdr->type_off; - end = btf->nohdr_data + hdr->type_len; + end = cur + hdr->type_len; env->log_type_id = 1; while (cur < end) { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 92246117d2b039..bb07e74b34a225 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -3163,7 +3163,7 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env, * an arbitrary scalar. Disallow all math except * pointer subtraction */ - if (opcode == BPF_SUB){ + if (opcode == BPF_SUB && env->allow_ptr_leaks) { mark_reg_unknown(env, regs, insn->dst_reg); return 0; } diff --git a/net/core/filter.c b/net/core/filter.c index aecdeba052d3f0..5e00f2b85a5681 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2344,7 +2344,8 @@ BPF_CALL_4(bpf_msg_pull_data, if (unlikely(bytes_sg_total > copy)) return -EINVAL; - page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC, get_order(copy)); + page = alloc_pages(__GFP_NOWARN | GFP_ATOMIC | __GFP_COMP, + get_order(copy)); if (unlikely(!page)) return -ENOMEM; p = page_address(page); |