1 From f7bd9e36ee4a4ce38e1cddd7effe6c0d9943285b Mon Sep 17 00:00:00 2001
2 From: Daniel Borkmann <daniel@iogearbox.net>
3 Date: Fri, 10 Jun 2016 21:19:07 +0200
4 Subject: bpf: reject wrong sized filters earlier
6 From: Daniel Borkmann <daniel@iogearbox.net>
8 commit f7bd9e36ee4a4ce38e1cddd7effe6c0d9943285b upstream.
10 Add a bpf_check_basics_ok() and reject filters that are of invalid
11 size much earlier, so we don't do any useless work such as invoking
12 bpf_prog_alloc(). Currently, rejection happens in bpf_check_classic()
13 only, but it's really unnecessarily late and they should be rejected
14 at earliest point. While at it, also clean up one bpf_prog_size() to
15 make it consistent with the remaining invocations.
17 Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
18 Acked-by: Alexei Starovoitov <ast@kernel.org>
19 Signed-off-by: David S. Miller <davem@davemloft.net>
20 Signed-off-by: Zubin Mithra <zsm@chromium.org>
21 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 net/core/filter.c | 23 +++++++++++++++--------
24 1 file changed, 15 insertions(+), 8 deletions(-)
26 --- a/net/core/filter.c
27 +++ b/net/core/filter.c
28 @@ -742,6 +742,17 @@ static bool chk_code_allowed(u16 code_to
29 return codes[code_to_probe];
32 +static bool bpf_check_basics_ok(const struct sock_filter *filter,
37 + if (flen == 0 || flen > BPF_MAXINSNS)
44 * bpf_check_classic - verify socket filter code
45 * @filter: filter to verify
46 @@ -762,9 +773,6 @@ static int bpf_check_classic(const struc
50 - if (flen == 0 || flen > BPF_MAXINSNS)
53 /* Check the filter code now */
54 for (pc = 0; pc < flen; pc++) {
55 const struct sock_filter *ftest = &filter[pc];
56 @@ -1057,7 +1065,7 @@ int bpf_prog_create(struct bpf_prog **pf
59 /* Make sure new filter is there and in the right amounts. */
60 - if (fprog->filter == NULL)
61 + if (!bpf_check_basics_ok(fprog->filter, fprog->len))
64 fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
65 @@ -1104,7 +1112,7 @@ int bpf_prog_create_from_user(struct bpf
68 /* Make sure new filter is there and in the right amounts. */
69 - if (fprog->filter == NULL)
70 + if (!bpf_check_basics_ok(fprog->filter, fprog->len))
73 fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);
74 @@ -1184,7 +1192,6 @@ int __sk_attach_filter(struct sock_fprog
77 unsigned int fsize = bpf_classic_proglen(fprog);
78 - unsigned int bpf_fsize = bpf_prog_size(fprog->len);
79 struct bpf_prog *prog;
82 @@ -1192,10 +1199,10 @@ int __sk_attach_filter(struct sock_fprog
85 /* Make sure new filter is there and in the right amounts. */
86 - if (fprog->filter == NULL)
87 + if (!bpf_check_basics_ok(fprog->filter, fprog->len))
90 - prog = bpf_prog_alloc(bpf_fsize, 0);
91 + prog = bpf_prog_alloc(bpf_prog_size(fprog->len), 0);