mirror of
https://github.com/torvalds/linux.git
synced 2024-12-01 08:31:37 +00:00
bpf: Move check_ptr_off_reg before check_map_access
Some functions in next patch want to use this function, and those functions will be called by check_map_access, hence move it before check_map_access. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Joanne Koong <joannelkoong@gmail.com> Link: https://lore.kernel.org/bpf/20220415160354.1050687-3-memxor@gmail.com
This commit is contained in:
parent
42ba130807
commit
e9147b4422
@ -3469,6 +3469,44 @@ static int check_mem_region_access(struct bpf_verifier_env *env, u32 regno,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int __check_ptr_off_reg(struct bpf_verifier_env *env,
|
||||
const struct bpf_reg_state *reg, int regno,
|
||||
bool fixed_off_ok)
|
||||
{
|
||||
/* Access to this pointer-typed register or passing it to a helper
|
||||
* is only allowed in its original, unmodified form.
|
||||
*/
|
||||
|
||||
if (reg->off < 0) {
|
||||
verbose(env, "negative offset %s ptr R%d off=%d disallowed\n",
|
||||
reg_type_str(env, reg->type), regno, reg->off);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if (!fixed_off_ok && reg->off) {
|
||||
verbose(env, "dereference of modified %s ptr R%d off=%d disallowed\n",
|
||||
reg_type_str(env, reg->type), regno, reg->off);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if (!tnum_is_const(reg->var_off) || reg->var_off.value) {
|
||||
char tn_buf[48];
|
||||
|
||||
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
|
||||
verbose(env, "variable %s access var_off=%s disallowed\n",
|
||||
reg_type_str(env, reg->type), tn_buf);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int check_ptr_off_reg(struct bpf_verifier_env *env,
|
||||
const struct bpf_reg_state *reg, int regno)
|
||||
{
|
||||
return __check_ptr_off_reg(env, reg, regno, false);
|
||||
}
|
||||
|
||||
/* check read/write into a map element with possible variable offset */
|
||||
static int check_map_access(struct bpf_verifier_env *env, u32 regno,
|
||||
int off, int size, bool zero_size_allowed)
|
||||
@ -3980,44 +4018,6 @@ static int get_callee_stack_depth(struct bpf_verifier_env *env,
|
||||
}
|
||||
#endif
|
||||
|
||||
static int __check_ptr_off_reg(struct bpf_verifier_env *env,
|
||||
const struct bpf_reg_state *reg, int regno,
|
||||
bool fixed_off_ok)
|
||||
{
|
||||
/* Access to this pointer-typed register or passing it to a helper
|
||||
* is only allowed in its original, unmodified form.
|
||||
*/
|
||||
|
||||
if (reg->off < 0) {
|
||||
verbose(env, "negative offset %s ptr R%d off=%d disallowed\n",
|
||||
reg_type_str(env, reg->type), regno, reg->off);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if (!fixed_off_ok && reg->off) {
|
||||
verbose(env, "dereference of modified %s ptr R%d off=%d disallowed\n",
|
||||
reg_type_str(env, reg->type), regno, reg->off);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if (!tnum_is_const(reg->var_off) || reg->var_off.value) {
|
||||
char tn_buf[48];
|
||||
|
||||
tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
|
||||
verbose(env, "variable %s access var_off=%s disallowed\n",
|
||||
reg_type_str(env, reg->type), tn_buf);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int check_ptr_off_reg(struct bpf_verifier_env *env,
|
||||
const struct bpf_reg_state *reg, int regno)
|
||||
{
|
||||
return __check_ptr_off_reg(env, reg, regno, false);
|
||||
}
|
||||
|
||||
static int __check_buffer_access(struct bpf_verifier_env *env,
|
||||
const char *buf_info,
|
||||
const struct bpf_reg_state *reg,
|
||||
|
Loading…
Reference in New Issue
Block a user