1 files changed, 7 insertions, 34 deletions

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 668e07903c8f..eec9f90ba030 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -126,31 +126,6 @@
  * are set to NOT_INIT to indicate that they are no longer readable.
  */
 
-/* types of values stored in eBPF registers */
-enum bpf_reg_type {
-        NOT_INIT = 0,            /* nothing was written into register */
-        UNKNOWN_VALUE,           /* reg doesn't contain a valid pointer */
-        PTR_TO_CTX,              /* reg points to bpf_context */
-        CONST_PTR_TO_MAP,        /* reg points to struct bpf_map */
-        PTR_TO_MAP_VALUE,        /* reg points to map element value */
-        PTR_TO_MAP_VALUE_OR_NULL,/* points to map elem value or NULL */
-        FRAME_PTR,               /* reg == frame_pointer */
-        PTR_TO_STACK,            /* reg == frame_pointer + imm */
-        CONST_IMM,               /* constant integer value */
-
-        /* PTR_TO_PACKET represents:
-         * skb->data
-         * skb->data + imm
-         * skb->data + (u16) var
-         * skb->data + (u16) var + imm
-         * if (range > 0) then [ptr, ptr + range - off) is safe to access
-         * if (id > 0) means that some 'var' was added
-         * if (off > 0) menas that 'imm' was added
-         */
-        PTR_TO_PACKET,
-        PTR_TO_PACKET_END,       /* skb->data + headlen */
-};
-
 struct reg_state {
         enum bpf_reg_type type;
         union {
@@ -695,10 +670,10 @@ static int check_packet_access(struct verifier_env *env, u32 regno, int off,
 
 /* check access to 'struct bpf_context' fields */
 static int check_ctx_access(struct verifier_env *env, int off, int size,
-                            enum bpf_access_type t)
+                            enum bpf_access_type t, enum bpf_reg_type *reg_type)
 {
         if (env->prog->aux->ops->is_valid_access &&
-            env->prog->aux->ops->is_valid_access(off, size, t)) {
+            env->prog->aux->ops->is_valid_access(off, size, t, reg_type)) {
                 /* remember the offset of last byte accessed in ctx */
                 if (env->prog->aux->max_ctx_offset < off + size)
                         env->prog->aux->max_ctx_offset = off + size;
@@ -798,21 +773,19 @@ static int check_mem_access(struct verifier_env *env, u32 regno, int off,
                         mark_reg_unknown_value(state->regs, value_regno);
 
         } else if (reg->type == PTR_TO_CTX) {
+                enum bpf_reg_type reg_type = UNKNOWN_VALUE;
+
                 if (t == BPF_WRITE && value_regno >= 0 &&
                     is_pointer_value(env, value_regno)) {
                         verbose("R%d leaks addr into ctx\n", value_regno);
                         return -EACCES;
                 }
-                err = check_ctx_access(env, off, size, t);
+                err = check_ctx_access(env, off, size, t, &reg_type);
                 if (!err && t == BPF_READ && value_regno >= 0) {
                         mark_reg_unknown_value(state->regs, value_regno);
-                        if (off == offsetof(struct __sk_buff, data) &&
-                            env->allow_ptr_leaks)
+                        if (env->allow_ptr_leaks)
                                 /* note that reg.[id|off|range] == 0 */
-                                state->regs[value_regno].type = PTR_TO_PACKET;
-                        else if (off == offsetof(struct __sk_buff, data_end) &&
-                                 env->allow_ptr_leaks)
-                                state->regs[value_regno].type = PTR_TO_PACKET_END;
+                                state->regs[value_regno].type = reg_type;
                 }
 
         } else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) {