bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()

author Ben Hutchings <ben.hutchings@codethink.co.uk>

Wed, 5 Dec 2018 22:41:36 +0000 (22:41 +0000)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sat, 8 Dec 2018 12:05:10 +0000 (13:05 +0100)
author Ben Hutchings <ben.hutchings@codethink.co.uk>
Wed, 5 Dec 2018 22:41:36 +0000 (22:41 +0000)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 8 Dec 2018 12:05:10 +0000 (13:05 +0100)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c

index 768704e9a2c791edfae820dc6fc9eab0a8c5c42f..da844e46923b605b77dcf1752f597e37580794ff 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -745,7 +745,7 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
   * if t==write && value_regno==-1, some unknown value is stored into memory
   * if t==read && value_regno==-1, don't care what we read from memory
   */
-static int check_mem_access(struct bpf_verifier_env *env, u32 regno, int off,
+static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regno, int off,
                             int bpf_size, enum bpf_access_type t,
                             int value_regno)
  {
@@ -875,7 +875,7 @@ static int check_mem_access(struct bpf_verifier_env *env, u32 regno, int off,
         return err;
  }
  
-static int check_xadd(struct bpf_verifier_env *env, struct bpf_insn *insn)
+static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_insn *insn)
  {
         struct bpf_reg_state *regs = env->cur_state.regs;
         int err;
@@ -908,13 +908,13 @@ static int check_xadd(struct bpf_verifier_env *env, struct bpf_insn *insn)
         }
  
         /* check whether atomic_add can read the memory */
-       err = check_mem_access(env, insn->dst_reg, insn->off,
+       err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
                                BPF_SIZE(insn->code), BPF_READ, -1);
         if (err)
                 return err;
  
         /* check whether atomic_add can write into the same memory */
-       return check_mem_access(env, insn->dst_reg, insn->off,
+       return check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
                                 BPF_SIZE(insn->code), BPF_WRITE, -1);
  }
  
@@ -1270,7 +1270,7 @@ static int check_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
          * is inferred from register state.
          */
         for (i = 0; i < meta.access_size; i++) {
-               err = check_mem_access(env, meta.regno, i, BPF_B, BPF_WRITE, -1);
+               err = check_mem_access(env, insn_idx, meta.regno, i, BPF_B, BPF_WRITE, -1);
                 if (err)
                         return err;
         }
@@ -2936,7 +2936,7 @@ static int do_check(struct bpf_verifier_env *env)
                         /* check that memory (src_reg + off) is readable,
                          * the state of dst_reg will be updated by this func
                          */
-                       err = check_mem_access(env, insn->src_reg, insn->off,
+                       err = check_mem_access(env, insn_idx, insn->src_reg, insn->off,
                                                BPF_SIZE(insn->code), BPF_READ,
                                                insn->dst_reg);
                         if (err)
@@ -2976,7 +2976,7 @@ static int do_check(struct bpf_verifier_env *env)
                         enum bpf_reg_type *prev_dst_type, dst_reg_type;
  
                         if (BPF_MODE(insn->code) == BPF_XADD) {
-                               err = check_xadd(env, insn);
+                               err = check_xadd(env, insn_idx, insn);
                                 if (err)
                                         return err;
                                 insn_idx++;
@@ -2995,7 +2995,7 @@ static int do_check(struct bpf_verifier_env *env)
                         dst_reg_type = regs[insn->dst_reg].type;
  
                         /* check that memory (dst_reg + off) is writeable */
-                       err = check_mem_access(env, insn->dst_reg, insn->off,
+                       err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
                                                BPF_SIZE(insn->code), BPF_WRITE,
                                                insn->src_reg);
                         if (err)
@@ -3030,7 +3030,7 @@ static int do_check(struct bpf_verifier_env *env)
                         }
  
                         /* check that memory (dst_reg + off) is writeable */
-                       err = check_mem_access(env, insn->dst_reg, insn->off,
+                       err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
                                                BPF_SIZE(insn->code), BPF_WRITE,
                                                -1);
                         if (err)
author	Ben Hutchings <ben.hutchings@codethink.co.uk>
	Wed, 5 Dec 2018 22:41:36 +0000 (22:41 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sat, 8 Dec 2018 12:05:10 +0000 (13:05 +0100)