bpf: simplify __is_valid_access test on cb

author Daniel Borkmann <daniel@iogearbox.net>

Tue, 24 Jan 2017 00:06:26 +0000 (01:06 +0100)

committer David S. Miller <davem@davemloft.net>

Tue, 24 Jan 2017 19:46:05 +0000 (14:46 -0500)
author Daniel Borkmann <daniel@iogearbox.net>
Tue, 24 Jan 2017 00:06:26 +0000 (01:06 +0100)
committer David S. Miller <davem@davemloft.net>
Tue, 24 Jan 2017 19:46:05 +0000 (14:46 -0500)
diff --git a/net/core/filter.c b/net/core/filter.c

index 90383860e224943345724de98310721a51e6f04e..883975fa4ed1b7b20c4ef639a9ddbb46bf8e12a3 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2784,19 +2784,8 @@ static bool __is_valid_access(int off, int size)
         switch (off) {
         case offsetof(struct __sk_buff, cb[0]) ...
              offsetof(struct __sk_buff, cb[4]) + sizeof(__u32) - 1:
-               if (size == sizeof(__u16) &&
-                   off > offsetof(struct __sk_buff, cb[4]) + sizeof(__u16))
-                       return false;
-               if (size == sizeof(__u32) &&
-                   off > offsetof(struct __sk_buff, cb[4]))
-                       return false;
-               if (size == sizeof(__u64) &&
-                   off > offsetof(struct __sk_buff, cb[2]))
-                       return false;
-               if (size != sizeof(__u8)  &&
-                   size != sizeof(__u16) &&
-                   size != sizeof(__u32) &&
-                   size != sizeof(__u64))
+               if (off + size >
+                   offsetof(struct __sk_buff, cb[4]) + sizeof(__u32))
                         return false;
                 break;
         default:
author	Daniel Borkmann <daniel@iogearbox.net>
	Tue, 24 Jan 2017 00:06:26 +0000 (01:06 +0100)
committer	David S. Miller <davem@davemloft.net>
	Tue, 24 Jan 2017 19:46:05 +0000 (14:46 -0500)