git.baikalelectronics.ru Git - kernel.git/commit

author	Daniel Borkmann <daniel@iogearbox.net>
	Mon, 10 Jan 2022 14:40:40 +0000 (14:40 +0000)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 19 Jan 2022 00:21:34 +0000 (01:21 +0100)
commit	334e65347d8e35c44e5855a6c609fd542dc05fdc
tree	6132c63fd118dc7a9a2f5e636f00d7f217cfad1f	tree \| snapshot
parent	8a37ab4e566223ee3c5d77e0af3fc85d5c04db30	commit \| diff

bpf: Generally fix helper register offset check

Right now the assertion on check_ptr_off_reg() is only enforced for register
types PTR_TO_CTX (and open coded also for PTR_TO_BTF_ID), however, this is
insufficient since many other PTR_TO_* register types such as PTR_TO_FUNC do
not handle/expect register offsets when passed to helper functions.

Given this can slip-through easily when adding new types, make this an explicit
allow-list and reject all other current and future types by default if this is
encountered.

Also, extend check_ptr_off_reg() to handle PTR_TO_BTF_ID as well instead of
duplicating it. For PTR_TO_BTF_ID, reg->off is used for BTF to match expected
BTF ids if struct offset is used. This part still needs to be allowed, but the
dynamic off from the tnum must be rejected.

Fixes: 1ddf7323058b ("bpf: Add bpf_for_each_map_elem() helper")
Fixes: c43edca94f4c ("bpf: Introduce bpf_per_cpu_ptr()")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>