From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Liu Jian <liujian56@huawei.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Song Liu <songliubraving@fb.com>
Subject: [PATCH 5.4 34/34] bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
Date: Fri, 3 Jun 2022 19:43:30 +0200 [thread overview]
Message-ID: <20220603173817.172203017@linuxfoundation.org> (raw)
In-Reply-To: <20220603173815.990072516@linuxfoundation.org>
From: Liu Jian <liujian56@huawei.com>
commit 45969b4152c1752089351cd6836a42a566d49bcf upstream.
The data length of skb frags + frag_list may be greater than 0xffff, and
skb_header_pointer can not handle negative offset. So, here INT_MAX is used
to check the validity of offset. Add the same change to the related function
skb_store_bytes.
Fixes: 05c74e5e53f6 ("bpf: add bpf_skb_load_bytes helper")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20220416105801.88708-2-liujian56@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/filter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1668,7 +1668,7 @@ BPF_CALL_5(bpf_skb_store_bytes, struct s
if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH)))
return -EINVAL;
- if (unlikely(offset > 0xffff))
+ if (unlikely(offset > INT_MAX))
return -EFAULT;
if (unlikely(bpf_try_make_writable(skb, offset + len)))
return -EFAULT;
@@ -1703,7 +1703,7 @@ BPF_CALL_4(bpf_skb_load_bytes, const str
{
void *ptr;
- if (unlikely(offset > 0xffff))
+ if (unlikely(offset > INT_MAX))
goto err_clear;
ptr = skb_header_pointer(skb, offset, len, to);
next prev parent reply other threads:[~2022-06-03 17:52 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-03 17:42 [PATCH 5.4 00/34] 5.4.197-rc1 review Greg Kroah-Hartman
2022-06-03 17:42 ` [PATCH 5.4 01/34] lockdown: also lock down previous kgdb use Greg Kroah-Hartman
2022-06-03 17:42 ` [PATCH 5.4 02/34] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests Greg Kroah-Hartman
2022-06-03 17:42 ` [PATCH 5.4 03/34] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 04/34] Input: goodix - fix spurious key release events Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 05/34] tcp: change source port randomizarion at connect() time Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 06/34] secure_seq: use the 64 bits of the siphash for port offset calculation Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 07/34] media: vim2m: Register video device after setting up internals Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 08/34] media: vim2m: initialize the media device earlier Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 09/34] ACPI: sysfs: Make sparse happy about address space in use Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 10/34] ACPI: sysfs: Fix BERT error region memory mapping Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 11/34] pinctrl: sunxi: fix f1c100s uart2 function Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 12/34] net: af_key: check encryption module availability consistency Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 13/34] net: ftgmac100: Disable hardware checksum on AST2600 Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 14/34] i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 15/34] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 16/34] assoc_array: Fix BUG_ON during garbage collect Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 17/34] cfg80211: set custom regdomain after wiphy registration Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 18/34] drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 19/34] exec: Force single empty string when argv is empty Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 20/34] netfilter: conntrack: re-fetch conntrack after insertion Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 21/34] crypto: ecrdsa - Fix incorrect use of vli_cmp Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 22/34] zsmalloc: fix races between asynchronous zspage free and page migration Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 23/34] dm integrity: fix error code in dm_integrity_ctr() Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 24/34] dm crypt: make printing of the key constant-time Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 25/34] dm stats: add cond_resched when looping over entries Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 26/34] dm verity: set DM_TARGET_IMMUTABLE feature flag Greg Kroah-Hartman
2022-06-10 4:22 ` Oleksandr Tymoshenko
2022-06-10 5:15 ` Greg KH
2022-06-10 8:10 ` Oleksandr Tymoshenko
2022-06-10 15:11 ` Mike Snitzer
2022-06-13 9:13 ` Greg KH
2022-06-15 14:36 ` Guenter Roeck
2022-06-15 15:29 ` Mike Snitzer
2022-06-15 17:50 ` Guenter Roeck
2022-06-15 20:02 ` Mike Snitzer
2022-06-15 20:40 ` Guenter Roeck
2022-06-15 23:59 ` Guenter Roeck
2022-06-16 23:22 ` Guenter Roeck
2022-06-20 11:44 ` Greg KH
2022-06-21 16:35 ` [5.4.y PATCH v2] dm: remove special-casing of bio-based immutable singleton target on NVMe Mike Snitzer
2022-06-23 15:48 ` Greg KH
2022-06-03 17:43 ` [PATCH 5.4 27/34] raid5: introduce MD_BROKEN Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 28/34] HID: multitouch: Add support for Google Whiskers Touchpad Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 29/34] tpm: Fix buffer access in tpm2_get_tpm_pt() Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 30/34] tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 31/34] docs: submitting-patches: Fix crossref to The canonical patch format Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 32/34] NFS: Memory allocation failures are not server fatal errors Greg Kroah-Hartman
2022-06-03 17:43 ` [PATCH 5.4 33/34] NFSD: Fix possible sleep during nfsd4_release_lockowner() Greg Kroah-Hartman
2022-06-03 17:43 ` Greg Kroah-Hartman [this message]
2022-06-04 12:21 ` [PATCH 5.4 00/34] 5.4.197-rc1 review Sudip Mukherjee
2022-06-04 17:31 ` Naresh Kamboju
2022-06-04 18:54 ` Guenter Roeck
2022-06-06 1:08 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220603173817.172203017@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=daniel@iogearbox.net \
--cc=linux-kernel@vger.kernel.org \
--cc=liujian56@huawei.com \
--cc=songliubraving@fb.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox