bpf_prog_offload_info_fill: replace bitwise AND by logical AND
diff mbox series

Message ID 20200212193227.GA3769@phlox.h.transitiv.net
State Accepted
Delegated to: BPF Maintainers
Headers show
Series
  • bpf_prog_offload_info_fill: replace bitwise AND by logical AND
Related show

Commit Message

Johannes Krude Feb. 12, 2020, 7:32 p.m. UTC
This if guards whether user-space wants a copy of the offload-jited
bytecode and whether this bytecode exists. By erroneously doing a bitwise
AND instead of a logical AND on user- and kernel-space buffer-size can lead
to no data being copied to user-space especially when user-space size is a
power of two and bigger then the kernel-space buffer.

Signed-off-by: Johannes Krude <johannes@krude.de>
---
 kernel/bpf/offload.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jakub Kicinski Feb. 13, 2020, 3:38 a.m. UTC | #1
On Wed, 12 Feb 2020 20:32:27 +0100, Johannes Krude wrote:
> This if guards whether user-space wants a copy of the offload-jited
> bytecode and whether this bytecode exists. By erroneously doing a bitwise
> AND instead of a logical AND on user- and kernel-space buffer-size can lead
> to no data being copied to user-space especially when user-space size is a
> power of two and bigger then the kernel-space buffer.
> 
> Signed-off-by: Johannes Krude <johannes@krude.de>

Thank you for the fix, in the future please provide a Fixes tag and
include the tree name in the PATCH tag, e.g. [PATCH bpf], or [PATCH net]
etc.

Fixes: fcfb126defda ("bpf: add new jited info fields in bpf_dev_offload and bpf_prog_info")

Acked-by: Jakub Kicinski <kuba@kernel.org>
Daniel Borkmann Feb. 17, 2020, 3:56 p.m. UTC | #2
On 2/12/20 8:32 PM, Johannes Krude wrote:
> This if guards whether user-space wants a copy of the offload-jited
> bytecode and whether this bytecode exists. By erroneously doing a bitwise
> AND instead of a logical AND on user- and kernel-space buffer-size can lead
> to no data being copied to user-space especially when user-space size is a
> power of two and bigger then the kernel-space buffer.
> 
> Signed-off-by: Johannes Krude <johannes@krude.de>

Applied, thanks!

Patch
diff mbox series

diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c
index 2c5dc6541..bd09290e3 100644
--- a/kernel/bpf/offload.c
+++ b/kernel/bpf/offload.c
@@ -321,7 +321,7 @@  int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
 
 	ulen = info->jited_prog_len;
 	info->jited_prog_len = aux->offload->jited_len;
-	if (info->jited_prog_len & ulen) {
+	if (info->jited_prog_len && ulen) {
 		uinsns = u64_to_user_ptr(info->jited_prog_insns);
 		ulen = min_t(u32, info->jited_prog_len, ulen);
 		if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {