aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Ian King <[email protected]>2020-07-27 18:54:11 +0100
committerDaniel Borkmann <[email protected]>2020-07-28 12:40:10 +0200
commitf6dfbe31e8fa5cbd5bc89df9d7f0fa0af7e69981 (patch)
tree1172b5424e4e6ff8e0b8a447a0718762641b3ba3
parent363885d7c62e293fb093c7c355bf5f05fa0a25a9 (diff)
bpf: Fix swapped arguments in calls to check_buffer_access
There are a couple of arguments of the boolean flag zero_size_allowed and the char pointer buf_info when calling to function check_buffer_access that are swapped by mistake. Fix these by swapping them to correct the argument ordering. Fixes: afbf21dce668 ("bpf: Support readonly/readwrite buffers in verifier") Addresses-Coverity: ("Array compared to 0") Signed-off-by: Colin Ian King <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Yonghong Song <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
Diffstat
-rw-r--r--kernel/bpf/verifier.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index cd14e70f2d07..88bb25d08bf8 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3477,14 +3477,14 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
regno, reg_type_str[reg->type]);
return -EACCES;
}
- err = check_buffer_access(env, reg, regno, off, size, "rdonly",
- false,
+ err = check_buffer_access(env, reg, regno, off, size, false,
+ "rdonly",
&env->prog->aux->max_rdonly_access);
if (!err && value_regno >= 0)
mark_reg_unknown(env, regs, value_regno);
} else if (reg->type == PTR_TO_RDWR_BUF) {
- err = check_buffer_access(env, reg, regno, off, size, "rdwr",
- false,
+ err = check_buffer_access(env, reg, regno, off, size, false,
+ "rdwr",
&env->prog->aux->max_rdwr_access);
if (!err && t == BPF_READ && value_regno >= 0)
mark_reg_unknown(env, regs, value_regno);
Powered by cgit, Gruvboxed by Blaster4385.