path: root/kernel
diff options
authorJohannes Krude <>2020-02-12 20:32:27 +0100
committerDaniel Borkmann <>2020-02-17 16:53:49 +0100
commite20d3a055a457a10a4c748ce5b7c2ed3173a1324 (patch)
tree8b7f7817b287bdc7c722cc0a075b516d347dd307 /kernel
parenteecd618b45166fdddea3b6366b18479c2be0e11c (diff)
bpf, offload: Replace bitwise AND by logical AND in bpf_prog_offload_info_fill
This if guards whether user-space wants a copy of the offload-jited bytecode and whether this bytecode exists. By erroneously doing a bitwise AND instead of a logical AND on user- and kernel-space buffer-size can lead to no data being copied to user-space especially when user-space size is a power of two and bigger then the kernel-space buffer. Fixes: fcfb126defda ("bpf: add new jited info fields in bpf_dev_offload and bpf_prog_info") Signed-off-by: Johannes Krude <> Signed-off-by: Daniel Borkmann <> Acked-by: Jakub Kicinski <> Link:
Diffstat (limited to 'kernel')
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c
index 2c5dc6541ece..bd09290e3648 100644
--- a/kernel/bpf/offload.c
+++ b/kernel/bpf/offload.c
@@ -321,7 +321,7 @@ int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
ulen = info->jited_prog_len;
info->jited_prog_len = aux->offload->jited_len;
- if (info->jited_prog_len & ulen) {
+ if (info->jited_prog_len && ulen) {
uinsns = u64_to_user_ptr(info->jited_prog_insns);
ulen = min_t(u32, info->jited_prog_len, ulen);
if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {