Skip to content

Commit e67b8a6

Browse files
ecree-solarflaredavem330
ecree-solarflare
authored and
davem330
committed
bpf/verifier: reject BPF_ALU64|BPF_END
Neither ___bpf_prog_run nor the JITs accept it. Also adds a new test case. Fixes: 17a5267 ("bpf: verifier (add verifier core)") Signed-off-by: Edward Cree <[email protected]> Acked-by: Alexei Starovoitov <[email protected]> Acked-by: Daniel Borkmann <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 8c7c19a commit e67b8a6

File tree

2 files changed

+18
-1
lines changed

2 files changed

+18
-1
lines changed

kernel/bpf/verifier.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2292,7 +2292,8 @@ static int check_alu_op(struct bpf_verifier_env *env, struct bpf_insn *insn)
22922292
}
22932293
} else {
22942294
if (insn->src_reg != BPF_REG_0 || insn->off != 0 ||
2295-
(insn->imm != 16 && insn->imm != 32 && insn->imm != 64)) {
2295+
(insn->imm != 16 && insn->imm != 32 && insn->imm != 64) ||
2296+
BPF_CLASS(insn->code) == BPF_ALU64) {
22962297
verbose("BPF_END uses reserved fields\n");
22972298
return -EINVAL;
22982299
}

tools/testing/selftests/bpf/test_verifier.c

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6629,6 +6629,22 @@ static struct bpf_test tests[] = {
66296629
.result = REJECT,
66306630
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
66316631
},
6632+
{
6633+
"invalid 64-bit BPF_END",
6634+
.insns = {
6635+
BPF_MOV32_IMM(BPF_REG_0, 0),
6636+
{
6637+
.code = BPF_ALU64 | BPF_END | BPF_TO_LE,
6638+
.dst_reg = BPF_REG_0,
6639+
.src_reg = 0,
6640+
.off = 0,
6641+
.imm = 32,
6642+
},
6643+
BPF_EXIT_INSN(),
6644+
},
6645+
.errstr = "BPF_END uses reserved fields",
6646+
.result = REJECT,
6647+
},
66326648
};
66336649

66346650
static int probe_filter_length(const struct bpf_insn *fp)

0 commit comments

Comments
 (0)