bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds.

author Alexei Starovoitov <ast@kernel.org>

Tue, 8 Dec 2020 18:01:51 +0000 (19:01 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 11 Dec 2020 12:22:13 +0000 (13:22 +0100)
author Alexei Starovoitov <ast@kernel.org>
Tue, 8 Dec 2020 18:01:51 +0000 (19:01 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 11 Dec 2020 12:22:13 +0000 (13:22 +0100)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c

index 718bbdc8b3c66fefc14d474d98328445b0fa6742..2048a2b2855773c377f718e74996efcf6bb06f41 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1273,9 +1273,7 @@ static void __reg_combine_32_into_64(struct bpf_reg_state *reg)
  
  static bool __reg64_bound_s32(s64 a)
  {
-       if (a > S32_MIN && a < S32_MAX)
-               return true;
-       return false;
+       return a > S32_MIN && a < S32_MAX;
  }
  
  static bool __reg64_bound_u32(u64 a)
@@ -1289,10 +1287,10 @@ static void __reg_combine_64_into_32(struct bpf_reg_state *reg)
  {
         __mark_reg32_unbounded(reg);
  
-       if (__reg64_bound_s32(reg->smin_value))
+       if (__reg64_bound_s32(reg->smin_value) && __reg64_bound_s32(reg->smax_value)) {
                 reg->s32_min_value = (s32)reg->smin_value;
-       if (__reg64_bound_s32(reg->smax_value))
                 reg->s32_max_value = (s32)reg->smax_value;
+       }
         if (__reg64_bound_u32(reg->umin_value))
                 reg->u32_min_value = (u32)reg->umin_value;
         if (__reg64_bound_u32(reg->umax_value))
@@ -4676,6 +4674,8 @@ static void do_refine_retval_range(struct bpf_reg_state *regs, int ret_type,
  
         ret_reg->smax_value = meta->msize_max_value;
         ret_reg->s32_max_value = meta->msize_max_value;
+       ret_reg->smin_value = -MAX_ERRNO;
+       ret_reg->s32_min_value = -MAX_ERRNO;
         __reg_deduce_bounds(ret_reg);
         __reg_bound_offset(ret_reg);
         __update_reg_bounds(ret_reg);
author	Alexei Starovoitov <ast@kernel.org>
	Tue, 8 Dec 2020 18:01:51 +0000 (19:01 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 11 Dec 2020 12:22:13 +0000 (13:22 +0100)