| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220729054958.2151520-1-zengjx95@gmail.com>
Date: Fri, 29 Jul 2022 13:49:58 +0800
From: Zeng Jingxiang <zengjx95@...il.com>
To: ast@...nel.org, daniel@...earbox.net, john.fastabend@...il.com,
andrii@...nel.org, martin.lau@...ux.dev, song@...nel.org,
yhs@...com, kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com,
jolsa@...nel.org
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
Zeng Jingxiang <linuszeng@...cent.com>
Subject: [PATCH] bpf/verifier: fix control flow issues in __reg64_bound_u32()
From: Zeng Jingxiang <linuszeng@...cent.com>
This greater-than-or-equal-to-zero comparison of an unsigned value
is always true. "a >= U32_MIN".
1632 return a >= U32_MIN && a <= U32_MAX;
Fixes: b9979db83401 ("bpf: Fix propagation of bounds from 64-bit min/max into 32-bit and var_off.")
Signed-off-by: Zeng Jingxiang <linuszeng@...cent.com>
---
kernel/bpf/verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 0efbac0fd126..dd67108fb1d7 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1629,7 +1629,7 @@ static bool __reg64_bound_s32(s64 a)
static bool __reg64_bound_u32(u64 a)
{
- return a >= U32_MIN && a <= U32_MAX;
+ return a <= U32_MAX;
}
static void __reg_combine_64_into_32(struct bpf_reg_state *reg)
--
2.27.0
Powered by blists - more mailing lists