Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 4d54f7df authored by Daniel Borkmann's avatar Daniel Borkmann Committed by Greg Kroah-Hartman
Browse files

bpf/verifier: fix bounds calculation on BPF_RSH 




From: Edward Cree <ecree@solarflare.com>

[ Upstream commit 4374f256ce8182019353c0c639bb8d0695b4c941 ]

Incorrect signed bounds were being computed.
If the old upper signed bound was positive and the old lower signed bound was
negative, this could cause the new upper signed bound to be too low,
leading to security issues.

Fixes: b03c9f9f ("bpf/verifier: track signed and unsigned min/max values")
Reported-by: default avatarJann Horn <jannh@google.com>
Signed-off-by: default avatarEdward Cree <ecree@solarflare.com>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
[jannh@google.com: changed description to reflect bug impact]
Signed-off-by: default avatarJann Horn <jannh@google.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 82a9d62f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment