Message ID | 1418362428-15067-1-git-send-email-sasha.levin@oracle.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
On Thu, Dec 11, 2014 at 9:33 PM, Sasha Levin <sasha.levin@oracle.com> wrote: > diff --git a/net/core/filter.c b/net/core/filter.c > index 8cc3c03..ec9baea 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) > return -EPERM; > > prog = bpf_prog_get(ufd); > - if (!prog) > - return -EINVAL; > + if (IS_ERR(prog)) > + return PTR_ERR(prog); thank you for the fix, but the same fix is already applied to net-next and pushed all the way to: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=198bf1b046e370a7d3987b195cff5f1efebec3ac sorry for the headache that this bug caused. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/filter.c b/net/core/filter.c index 8cc3c03..ec9baea 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) return -EPERM; prog = bpf_prog_get(ufd); - if (!prog) - return -EINVAL; + if (IS_ERR(prog)) + return PTR_ERR(prog); if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { /* valid fd, but invalid program type */
Commit "net: sock: allow eBPF programs to be attached to sockets" didn't correctly handle the case where there is a failure getting the prog from a given fd. This allows for easy NULL ptr deref from userspace. Signed-off-by: Sasha Levin <sasha.levin@oracle.com> --- net/core/filter.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)