bpf: Prevent pointer mismatch in bpf_timer_init. - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Alexei Starovoitov <ast@kernel.org>	2021-07-15 03:54:11 +0300
committer	Daniel Borkmann <daniel@iogearbox.net>	2021-07-15 23:31:10 +0300
commit	3e8ce29850f1839d0603f925b30be9d8a4329917 (patch)
tree	169c8153b108f2d9d06c2eb5e99a5128cdc8180f /kernel/bpf/map_in_map.c
parent	68134668c17f31f51930478f75495b552a411550 (diff)
download	linux-3e8ce29850f1839d0603f925b30be9d8a4329917.tar.xz

bpf: Prevent pointer mismatch in bpf_timer_init.

bpf_timer_init() arguments are: 1. pointer to a timer (which is embedded in map element). 2. pointer to a map. Make sure that pointer to a timer actually belongs to that map. Use map_uid (which is unique id of inner map) to reject: inner_map1 = bpf_map_lookup_elem(outer_map, key1) inner_map2 = bpf_map_lookup_elem(outer_map, key2) if (inner_map1 && inner_map2) { timer = bpf_map_lookup_elem(inner_map1); if (timer) // mismatch would have been allowed bpf_timer_init(timer, inner_map2); } Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Martin KaFai Lau <kafai@fb.com> Acked-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/bpf/20210715005417.78572-6-alexei.starovoitov@gmail.com

Diffstat (limited to 'kernel/bpf/map_in_map.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: