git.ipfire.org Git - people/arne

author	Daniel Borkmann <daniel@iogearbox.net>
	Fri, 22 Jan 2021 15:00:56 +0000 (16:00 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 30 Jan 2021 12:27:15 +0000 (13:27 +0100)
commit	b98481167269b96bb60c4795dba04940202dbde3
tree	c9539f56984e8eee72170633d5eacb638465ad39	tree \| snapshot
parent	20089f3284b27eb24362725778264e4148c61f8c	commit \| diff

bpf: Fix buggy rsh min/max bounds tracking

[ no upstream commit ]

Fix incorrect bounds tracking for RSH opcode. Commit f23cc643f9ba ("bpf: fix
range arithmetic for bpf map access") had a wrong assumption about min/max
bounds. The new dst_reg->min_value needs to be derived by right shifting the
max_val bounds, not min_val, and likewise new dst_reg->max_value needs to be
derived by right shifting the min_val bounds, not max_val. Later stable kernels
than 4.9 are not affected since bounds tracking was overall reworked and they
already track this similarly as in the fix.

Fixes: f23cc643f9ba ("bpf: fix range arithmetic for bpf map access")
Reported-by: Ryota Shiga (Flatt Security)
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Cc: Josef Bacik <jbacik@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>