diff options
| author | Anton Protopopov <a.s.protopopov@gmail.com> | 2025-11-28 06:32:24 +0000 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2025-11-28 15:15:43 -0800 |
| commit | e3ea26add687ec6829fd8e7161b17667fdb88ec1 (patch) | |
| tree | aa3809c6b04559da7746da4c2e9b8e426c10172c | |
| parent | 7feff23cdf2ecd30909872f3be1da820df839ab0 (diff) | |
bpf: check for insn arrays in check_ptr_alignment
Do not abuse the strict_alignment_once flag, and check if the map is
an instruction array inside the check_ptr_alignment() function.
Suggested-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
Link: https://lore.kernel.org/r/20251128063224.1305482-3-a.s.protopopov@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
| -rw-r--r-- | kernel/bpf/verifier.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 4a53ca1d3104..f0ca69f888fa 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -6482,6 +6482,8 @@ static int check_ptr_alignment(struct bpf_verifier_env *env, break; case PTR_TO_MAP_VALUE: pointer_desc = "value "; + if (reg->map_ptr->map_type == BPF_MAP_TYPE_INSN_ARRAY) + strict = true; break; case PTR_TO_CTX: pointer_desc = "context "; @@ -7529,8 +7531,6 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn { struct bpf_reg_state *regs = cur_regs(env); struct bpf_reg_state *reg = regs + regno; - bool insn_array = reg->type == PTR_TO_MAP_VALUE && - reg->map_ptr->map_type == BPF_MAP_TYPE_INSN_ARRAY; int size, err = 0; size = bpf_size_to_bytes(bpf_size); @@ -7538,7 +7538,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn return size; /* alignment checks will add in reg->off themselves */ - err = check_ptr_alignment(env, reg, off, size, strict_alignment_once || insn_array); + err = check_ptr_alignment(env, reg, off, size, strict_alignment_once); if (err) return err; |