Commit 1e1f28a5 authored by Hao Luo's avatar Hao Luo Committed by Zheng Zengkai
Browse files

bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM. 

mainline inclusion
from mainline-v5.17-rc1
commit 34d3a78c
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4WRPV
CVE: CVE-2022-0500

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=34d3a78c681e8e7844b43d1a2f4671a04249c821



--------------------------------

Tag the return type of {per, this}_cpu_ptr with RDONLY_MEM. The
returned value of this pair of helpers is kernel object, which
can not be updated by bpf programs. Previously these two helpers
return PTR_OT_MEM for kernel objects of scalar type, which allows
one to directly modify the memory. Now with RDONLY_MEM tagging,
the verifier will reject programs that write into RDONLY_MEM.

Fixes: 63d9b80d ("bpf: Introducte bpf_this_cpu_ptr()")
Fixes: eaa6bcb7 ("bpf: Introduce bpf_per_cpu_ptr()")
Fixes: 4976b718 ("bpf: Introduce pseudo_btf_id")
Signed-off-by: default avatarHao Luo <haoluo@google.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20211217003152.48334-8-haoluo@google.com


Signed-off-by: default avatarPu Lehui <pulehui@huawei.com>
Reviewed-by: default avatarKuohai Xu <xukuohai@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent ac5104f8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment