bpf/verifier: disallow pointer subtraction

Subtraction of pointers was accidentally allowed for unpriv programs by commit 82abbf8d2f. Revert that part of commit. Fixes: 82abbf8d2f ("bpf: do not allow root to mangle valid pointers") Reported-by: Jann Horn <jannh@google.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2024-11-11 06:31:49 +00:00 · 2018-09-12 14:06:10 -07:00 · 2018-09-12 14:06:10 -07:00 · dd066823db
commit dd066823db
parent 4b1c5d917d
1 changed files with 1 additions and 1 deletions
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@ -3163,7 +3163,7 @@ static int adjust_reg_min_max_vals(struct bpf_verifier_env *env,
 				 * an arbitrary scalar. Disallow all math except
 				 * pointer subtraction
 				 */
-				if (opcode == BPF_SUB){
+				if (opcode == BPF_SUB && env->allow_ptr_leaks) {
 					mark_reg_unknown(env, regs, insn->dst_reg);
 					return 0;
 				}