4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexei Starovoitov <a...@kernel.org>
commit dd066823db2ac4e22f721ec85190817b58059a54 upstream.
Subtraction of pointers was accidentally allowed for unpriv programs
by commit 82abbf8d2fc4. Revert that part of commit.
Fixes: 82abbf8d2fc4 ("bpf: do not allow root to mangle valid pointers")
Reported-by: Jann Horn <ja...@google.com>
Acked-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: Alexei Starovoitov <a...@kernel.org>
Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
kernel/bpf/verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3132,7 +3132,7 @@ static int adjust_reg_min_max_vals(struc
* an arbitrary scalar. Disallow all math except
* pointer subtraction
*/
- if (opcode == BPF_SUB){
+ if (opcode == BPF_SUB && env->allow_ptr_leaks) {
mark_reg_unknown(env, regs,
insn->dst_reg);
return 0;
}
