bpf: Fix propagation of signed bounds from 64-bit min/max into 32-bit.

[ Upstream commit 388e2c0b978339dee9b0a81a2e546f8979e021e2 ] Similar to unsigned bounds propagation fix signed bounds. The 'Fixes' tag is a hint. There is no security bug here. The verifier was too conservative. Fixes: 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20211101222153.78759-2-alexei.starovoitov@gmail.com Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Alexei Starovoitov <ast@kernel.org> 2021-11-02 01:21:52 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-11-18 21:16:45 +0300
commit: d55aca82dda6cc145c0efaee577c5a00804a4802 (patch)
tree: accaaaeb0a9ba18dec520d1e854eaf9c093c3ed8 /kernel/bpf
parent: d03a5b00a33613a0ddab0f9c2ff2f48b83b8b40d (diff)
download: linux-d55aca82dda6cc145c0efaee577c5a00804a4802.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 055012faca94..ddba80554fef 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1406,7 +1406,7 @@ static void __reg_combine_32_into_64(struct bpf_reg_state *reg)
 
 static bool __reg64_bound_s32(s64 a)
 {
-	return a > S32_MIN && a < S32_MAX;
+	return a >= S32_MIN && a <= S32_MAX;
 }
 
 static bool __reg64_bound_u32(u64 a)
author	Alexei Starovoitov <ast@kernel.org>	2021-11-02 01:21:52 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-11-18 21:16:45 +0300
commit	d55aca82dda6cc145c0efaee577c5a00804a4802 (patch)
tree	accaaaeb0a9ba18dec520d1e854eaf9c093c3ed8 /kernel/bpf
parent	d03a5b00a33613a0ddab0f9c2ff2f48b83b8b40d (diff)
download	linux-d55aca82dda6cc145c0efaee577c5a00804a4802.tar.xz