On Thu, Oct 04, 2018 at 07:12:49PM +0200, Mauricio Vasquez B wrote: > Restrict the use of peek, push and pop helpers only to queue and stack > maps. > > Signed-off-by: Mauricio Vasquez B <mauricio.vasq...@polito.it> > --- > kernel/bpf/verifier.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 489667f93061..8b1f1b348782 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -2328,6 +2328,13 @@ static int check_map_func_compatibility(struct > bpf_verifier_env *env, > if (func_id != BPF_FUNC_sk_select_reuseport) > goto error; > break; > + case BPF_MAP_TYPE_QUEUE: > + case BPF_MAP_TYPE_STACK: > + if (func_id != BPF_FUNC_map_peek_elem && > + func_id != BPF_FUNC_map_pop_elem && > + func_id != BPF_FUNC_map_push_elem) > + goto error;
why this is separate patch? I think it should be part of previous patch. > + break; > default: > break; > } > @@ -2384,6 +2391,13 @@ static int check_map_func_compatibility(struct > bpf_verifier_env *env, > if (map->map_type != BPF_MAP_TYPE_REUSEPORT_SOCKARRAY) > goto error; > break; > + case BPF_FUNC_map_peek_elem: > + case BPF_FUNC_map_pop_elem: > + case BPF_FUNC_map_push_elem: > + if (map->map_type != BPF_MAP_TYPE_QUEUE && > + map->map_type != BPF_MAP_TYPE_STACK) > + goto error; > + break; > default: > break; > } >
