diff options
| author | Daniel Borkmann <daniel@iogearbox.net> | 2018-10-24 16:05:47 -0400 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2018-10-25 20:02:06 -0400 |
| commit | 80b0d86a176cab6201719b8dfd806902b0c6e046 (patch) | |
| tree | 83740a6f5a2d27764c8cd5833546cd3e9cdaf8c8 /kernel/bpf/helpers.c | |
| parent | d5563d367c2ce48ea3d675c77f7109f37311943d (diff) | |
bpf: fix direct packet write into pop/peek helpers
Commit f1a2e44a3aec ("bpf: add queue and stack maps") probably just
copy-pasted .pkt_access for bpf_map_{pop,peek}_elem() helpers, but
this is buggy in this context since it would allow writes into cloned
skbs which is invalid. Therefore, disable .pkt_access for the two.
Fixes: f1a2e44a3aec ("bpf: add queue and stack maps")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Mauricio Vasquez B <mauricio.vasquez@polito.it>
Acked-by: Mauricio Vasquez B<mauricio.vasquez@polito.it>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel/bpf/helpers.c')
| -rw-r--r-- | kernel/bpf/helpers.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index ab0d5e3f9892..a74972b07e74 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c | |||
| @@ -99,7 +99,6 @@ BPF_CALL_2(bpf_map_pop_elem, struct bpf_map *, map, void *, value) | |||
| 99 | const struct bpf_func_proto bpf_map_pop_elem_proto = { | 99 | const struct bpf_func_proto bpf_map_pop_elem_proto = { |
| 100 | .func = bpf_map_pop_elem, | 100 | .func = bpf_map_pop_elem, |
| 101 | .gpl_only = false, | 101 | .gpl_only = false, |
| 102 | .pkt_access = true, | ||
| 103 | .ret_type = RET_INTEGER, | 102 | .ret_type = RET_INTEGER, |
| 104 | .arg1_type = ARG_CONST_MAP_PTR, | 103 | .arg1_type = ARG_CONST_MAP_PTR, |
| 105 | .arg2_type = ARG_PTR_TO_UNINIT_MAP_VALUE, | 104 | .arg2_type = ARG_PTR_TO_UNINIT_MAP_VALUE, |
| @@ -113,7 +112,6 @@ BPF_CALL_2(bpf_map_peek_elem, struct bpf_map *, map, void *, value) | |||
| 113 | const struct bpf_func_proto bpf_map_peek_elem_proto = { | 112 | const struct bpf_func_proto bpf_map_peek_elem_proto = { |
| 114 | .func = bpf_map_pop_elem, | 113 | .func = bpf_map_pop_elem, |
| 115 | .gpl_only = false, | 114 | .gpl_only = false, |
| 116 | .pkt_access = true, | ||
| 117 | .ret_type = RET_INTEGER, | 115 | .ret_type = RET_INTEGER, |
| 118 | .arg1_type = ARG_CONST_MAP_PTR, | 116 | .arg1_type = ARG_CONST_MAP_PTR, |
| 119 | .arg2_type = ARG_PTR_TO_UNINIT_MAP_VALUE, | 117 | .arg2_type = ARG_PTR_TO_UNINIT_MAP_VALUE, |