admin/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-12-07 20:06:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

bpf: check for insn arrays in check_ptr_alignment

Browse Source 
Do not abuse the strict_alignment_once flag, and check if the map is
an instruction array inside the check_ptr_alignment() function.

Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
Link: https://lore.kernel.org/r/20251128063224.1305482-3-a.s.protopopov@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Anton Protopopov
2025-11-28 06:32:24 +00:00
committed by Alexei Starovoitov
parent 7feff23cdf
commit e3ea26add6
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/bpf/verifier.c
View File

@@ -6482,6 +6482,8 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
break;
case PTR_TO_MAP_VALUE:
pointer_desc = "value ";
if (reg->map_ptr->map_type == BPF_MAP_TYPE_INSN_ARRAY)
strict = true;
break;
case PTR_TO_CTX:
pointer_desc = "context ";
@@ -7529,8 +7531,6 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
{
struct bpf_reg_state *regs = cur_regs(env);
struct bpf_reg_state *reg = regs + regno;
bool insn_array = reg->type == PTR_TO_MAP_VALUE &&
reg->map_ptr->map_type == BPF_MAP_TYPE_INSN_ARRAY;
int size, err = 0;
size = bpf_size_to_bytes(bpf_size);
@@ -7538,7 +7538,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
return size;
/* alignment checks will add in reg->off themselves */
err = check_ptr_alignment(env, reg, off, size, strict_alignment_once || insn_array);
err = check_ptr_alignment(env, reg, off, size, strict_alignment_once);
if (err)
return err;