Commit dd066823 authored Sep 12, 2018 by Alexei Starovoitov Committed by Daniel Borkmann Sep 12, 2018

bpf/verifier: disallow pointer subtraction



Subtraction of pointers was accidentally allowed for unpriv programs
by commit 82abbf8d. Revert that part of commit.

Fixes: 82abbf8d ("bpf: do not allow root to mangle valid pointers")
Reported-by: Jann Horn <jannh@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

parent 4b1c5d91

kernel/bpf/verifier.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3163,7 +3163,7 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env,
		* an arbitrary scalar. Disallow all math except
		* pointer subtraction
		*/
		if (opcode == BPF_SUB){
		if (opcode == BPF_SUB && env->allow_ptr_leaks) {
		mark_reg_unknown(env, regs, insn->dst_reg);
		return 0;
		}