diff options
author | Daniel Borkmann <daniel@iogearbox.net> | 2018-10-24 22:05:46 +0200 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2018-10-25 17:02:06 -0700 |
commit | d5563d367c2ce48ea3d675c77f7109f37311943d (patch) | |
tree | e0e5d11319f153c2d31379f5c080f5d71dee35b2 /kernel/bpf/verifier.c | |
parent | 5d66fa7d9e9e9399ddfdc530f352dd6f7c724485 (diff) | |
download | lwn-d5563d367c2ce48ea3d675c77f7109f37311943d.tar.gz lwn-d5563d367c2ce48ea3d675c77f7109f37311943d.zip |
bpf: fix cg_skb types to hint access type in may_access_direct_pkt_data
Commit b39b5f411dcf ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB") added direct packet access for skbs in
cg_skb program types, however allowed access type was not added to
the may_access_direct_pkt_data() helper. Therefore the latter always
returns false. This is not directly an issue, it just means writes
are unconditionally disabled (which is correct) but also reads.
Latter is relevant in this function when BPF helpers may read direct
packet data which is unconditionally disabled then. Fix it by properly
adding BPF_PROG_TYPE_CGROUP_SKB to may_access_direct_pkt_data().
Fixes: b39b5f411dcf ("bpf: add cg_skb_is_valid_access for BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel/bpf/verifier.c')
-rw-r--r-- | kernel/bpf/verifier.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index b0cc8f2ff95f..5fc9a658af0e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -1393,6 +1393,7 @@ static bool may_access_direct_pkt_data(struct bpf_verifier_env *env, case BPF_PROG_TYPE_LWT_SEG6LOCAL: case BPF_PROG_TYPE_SK_REUSEPORT: case BPF_PROG_TYPE_FLOW_DISSECTOR: + case BPF_PROG_TYPE_CGROUP_SKB: if (t == BPF_WRITE) return false; /* fallthrough */ |