Message ID | 20200909171155.256601-8-lmb@cloudflare.com |
---|---|
State | Changes Requested |
Delegated to: | BPF Maintainers |
Headers | show |
Series | Make check_func_arg type checks table driven | expand |
On Wed, Sep 09, 2020 at 06:11:51PM +0100, Lorenz Bauer wrote: > Always check context access if the register we're operating on is > PTR_TO_CTX, rather than relying on ARG_PTR_TO_CTX. This allows > simplifying the arg_type checking section of the function. Acked-by: Martin KaFai Lau <kafai@fb.com>
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 43df3bae93aa..41643e179e14 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -3974,9 +3974,6 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, arg_type == ARG_PTR_TO_CTX_OR_NULL)) { if (type != expected_type) goto err_type; - err = check_ctx_reg(env, reg, regno); - if (err < 0) - return err; } } else if (arg_type == ARG_PTR_TO_SOCK_COMMON) { expected_type = PTR_TO_SOCK_COMMON; @@ -4060,6 +4057,10 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, regno); return -EACCES; } + } else if (type == PTR_TO_CTX) { + err = check_ctx_reg(env, reg, regno); + if (err < 0) + return err; } if (reg->ref_obj_id) {
Always check context access if the register we're operating on is PTR_TO_CTX, rather than relying on ARG_PTR_TO_CTX. This allows simplifying the arg_type checking section of the function. Signed-off-by: Lorenz Bauer <lmb@cloudflare.com> --- kernel/bpf/verifier.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)