From patchwork Sat Jun 10 22:50:43 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Borkmann <daniel@iogearbox.net>
X-Patchwork-Id: 774286
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3wlZCM72xgz9s7M
	for <patchwork-incoming@ozlabs.org>;
	Sun, 11 Jun 2017 08:51:27 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751831AbdFJWvW (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sat, 10 Jun 2017 18:51:22 -0400
Received: from www62.your-server.de ([213.133.104.62]:57827 "EHLO
	www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751765AbdFJWu7 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sat, 10 Jun 2017 18:50:59 -0400
Received: from [92.105.166.74] (helo=localhost)
	by www62.your-server.de with esmtpsa
	(TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) (Exim 4.85_2)
	(envelope-from <daniel@iogearbox.net>)
	id 1dJpDd-0006ou-Qs; Sun, 11 Jun 2017 00:50:57 +0200
From: Daniel Borkmann <daniel@iogearbox.net>
To: davem@davemloft.net
Cc: ast@fb.com, netdev@vger.kernel.org,
	Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH net-next 4/8] bpf: reset id on spilled regs in
	clear_all_pkt_pointers
Date: Sun, 11 Jun 2017 00:50:43 +0200
Message-Id: 
 <e09fbd2f5e136107029efc7b301115b3d4c446f8.1497133948.git.daniel@iogearbox.net>
X-Mailer: git-send-email 1.9.3
In-Reply-To: <cover.1497133948.git.daniel@iogearbox.net>
References: <cover.1497133948.git.daniel@iogearbox.net>
In-Reply-To: <cover.1497133948.git.daniel@iogearbox.net>
References: <cover.1497133948.git.daniel@iogearbox.net>
X-Authenticated-Sender: daniel@iogearbox.net
X-Virus-Scanned: Clear (ClamAV 0.99.2/23462/Sat Jun 10 22:07:58 2017)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Right now, we don't reset the id of spilled registers in case of
clear_all_pkt_pointers(). Given pkt_pointers are highly likely to
contain an id, do so by reusing __mark_reg_unknown_value().

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
---
 kernel/bpf/verifier.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d195d82..519a614 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1346,8 +1346,8 @@ static void clear_all_pkt_pointers(struct bpf_verifier_env *env)
 		if (reg->type != PTR_TO_PACKET &&
 		    reg->type != PTR_TO_PACKET_END)
 			continue;
-		reg->type = UNKNOWN_VALUE;
-		reg->imm = 0;
+		__mark_reg_unknown_value(state->spilled_regs,
+					 i / BPF_REG_SIZE);
 	}
 }