Commit 2ec0616e authored by Daniel Borkmann's avatar Daniel Borkmann

bpf: Fix check_return_code to only allow [0,1] in trace_iter progs

As per 15d83c4d ("bpf: Allow loading of a bpf_iter program") we only
allow a range of [0,1] for return codes. Therefore BPF_TRACE_ITER relies
on the default tnum_range(0, 1) which is set in range var. On recent merge
of net into net-next commit e92888c7 ("bpf: Enforce returning 0 for
fentry/fexit progs") got pulled in and caused a merge conflict with the
changes from 15d83c4d. The resolution had a snall hiccup in that it
removed the [0,1] range restriction again so that BPF_TRACE_ITER would
have no enforcement. Fix it by adding it back.

Fixes: da07f52d ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent da07f52d
...@@ -7120,10 +7120,11 @@ static int check_return_code(struct bpf_verifier_env *env) ...@@ -7120,10 +7120,11 @@ static int check_return_code(struct bpf_verifier_env *env)
case BPF_TRACE_FEXIT: case BPF_TRACE_FEXIT:
range = tnum_const(0); range = tnum_const(0);
break; break;
case BPF_TRACE_ITER:
case BPF_TRACE_RAW_TP: case BPF_TRACE_RAW_TP:
case BPF_MODIFY_RETURN: case BPF_MODIFY_RETURN:
return 0; return 0;
case BPF_TRACE_ITER:
break;
default: default:
return -ENOTSUPP; return -ENOTSUPP;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment