bpf: Use correct permission flag for mixed signed bounds arithmetic
[ Upstream commit9601148392
] Fix CVE: CVE-2021-46908 We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypass_spec_v1 flag instead of allow_ptr_leaks. Fixes:2c78ee898d
("bpf: Implement CAP_BPF") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Haisu Wang <haisuwang@tencent.com> Signed-off-by: Jianping Liu <frankjpliu@tencent.com>
This commit is contained in:
parent
88c84e098a
commit
effb291aab
|
@ -5609,7 +5609,7 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
case PTR_TO_MAP_KEY:
|
case PTR_TO_MAP_KEY:
|
||||||
case PTR_TO_MAP_VALUE:
|
case PTR_TO_MAP_VALUE:
|
||||||
if (!env->allow_ptr_leaks && !known && (smin_val < 0) != (smax_val < 0)) {
|
if (!env->bypass_spec_v1 && !known && (smin_val < 0) != (smax_val < 0)) {
|
||||||
verbose(env, "R%d has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root\n",
|
verbose(env, "R%d has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root\n",
|
||||||
dst);
|
dst);
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
|
|
Loading…
Reference in New Issue