From: Daniel Borkmann <dan...@iogearbox.net>
Date: Fri, 28 Jul 2017 17:05:25 +0200

> bpf_prog_size(prog->len) is not the correct length we want to dump
> back to user space. The code in bpf_prog_get_info_by_fd() uses this
> to copy prog->insnsi to user space, but bpf_prog_size(prog->len) also
> includes the size of struct bpf_prog itself plus program instructions
> and is usually used either in context of accounting or for bpf_prog_alloc()
> et al, thus we copy out of bounds in bpf_prog_get_info_by_fd()
> potentially. Use the correct bpf_prog_insn_size() instead.
>
> Fixes: 1e2709769086 ("bpf: Add BPF_OBJ_GET_INFO_BY_FD")
> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>

Applied, thanks Daniel.
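
The length mismatch described in the quoted commit message, as an added example that is not part of the original thread or the kernel source: a simplified user-space model in C. The `prog_model` and `insn_model` structs, the 32-byte header layout and all function names are assumptions made for illustration; the real `struct bpf_prog` has different header fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-in for struct bpf_insn: 8 bytes per instruction. */
struct insn_model { uint8_t code; uint8_t regs; int16_t off; int32_t imm; };

/* Assumed stand-in for struct bpf_prog: header, then the instruction array. */
struct prog_model {
    uint32_t len;             /* number of instructions */
    uint32_t hdr_fields[7];   /* placeholder for the remaining header fields */
    struct insn_model insnsi[];
};

/* Allocation/accounting size: header plus instructions (models bpf_prog_size). */
size_t model_prog_size(uint32_t len) {
    return offsetof(struct prog_model, insnsi) + (size_t)len * sizeof(struct insn_model);
}

/* Size of the instruction array alone (models bpf_prog_insn_size). */
size_t model_prog_insn_size(const struct prog_model *p) {
    return (size_t)p->len * sizeof(struct insn_model);
}

/* How many bytes a copy of copy_len bytes starting at p->insnsi reads
 * beyond the end of the program's allocation (0 if it stays in bounds). */
size_t bytes_past_alloc(const struct prog_model *p, size_t copy_len) {
    size_t end = offsetof(struct prog_model, insnsi) + copy_len;
    size_t alloc = model_prog_size(p->len);
    return end > alloc ? end - alloc : 0;
}

/* Allocate a zeroed model program with len instructions. */
struct prog_model *make_prog(uint32_t len) {
    struct prog_model *p = calloc(1, model_prog_size(len));
    if (p)
        p->len = len;
    return p;
}

int main(void) {
    struct prog_model *p = make_prog(4);   /* constructed sample: 4 instructions */
    if (!p)
        return 1;
    printf("copy len = prog size: %zu bytes past the allocation\n",
           bytes_past_alloc(p, model_prog_size(p->len)));
    printf("copy len = insn size: %zu bytes past the allocation\n",
           bytes_past_alloc(p, model_prog_insn_size(p)));
    free(p);
    return 0;
}
```

In this model the over-read equals the header size regardless of the instruction count, because the copy starts at `insnsi` but uses a length that also counts the header.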