diff options
Diffstat (limited to 'kernel/bpf/verifier.c')
| -rw-r--r-- | kernel/bpf/verifier.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a28e09c7825d..594d341f04db 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c | |||
| @@ -1172,6 +1172,17 @@ static int check_ld_imm(struct verifier_env *env, struct bpf_insn *insn) | |||
| 1172 | return 0; | 1172 | return 0; |
| 1173 | } | 1173 | } |
| 1174 | 1174 | ||
| 1175 | static bool may_access_skb(enum bpf_prog_type type) | ||
| 1176 | { | ||
| 1177 | switch (type) { | ||
| 1178 | case BPF_PROG_TYPE_SOCKET_FILTER: | ||
| 1179 | case BPF_PROG_TYPE_SCHED_CLS: | ||
| 1180 | return true; | ||
| 1181 | default: | ||
| 1182 | return false; | ||
| 1183 | } | ||
| 1184 | } | ||
| 1185 | |||
| 1175 | /* verify safety of LD_ABS|LD_IND instructions: | 1186 | /* verify safety of LD_ABS|LD_IND instructions: |
| 1176 | * - they can only appear in the programs where ctx == skb | 1187 | * - they can only appear in the programs where ctx == skb |
| 1177 | * - since they are wrappers of function calls, they scratch R1-R5 registers, | 1188 | * - since they are wrappers of function calls, they scratch R1-R5 registers, |
| @@ -1194,8 +1205,8 @@ static int check_ld_abs(struct verifier_env *env, struct bpf_insn *insn) | |||
| 1194 | struct reg_state *reg; | 1205 | struct reg_state *reg; |
| 1195 | int i, err; | 1206 | int i, err; |
| 1196 | 1207 | ||
| 1197 | if (env->prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { | 1208 | if (!may_access_skb(env->prog->aux->prog_type)) { |
| 1198 | verbose("BPF_LD_ABS|IND instructions are only allowed in socket filters\n"); | 1209 | verbose("BPF_LD_ABS|IND instructions not allowed for this program type\n"); |
| 1199 | return -EINVAL; | 1210 | return -EINVAL; |
| 1200 | } | 1211 | } |
| 1201 | 1212 | ||