summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--kernel/bpf/verifier.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8400c1f33cd4..f2d600199e66 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -2248,16 +2248,28 @@ static int check_stack_boundary(struct bpf_verifier_env *env, int regno,
if (meta && meta->raw_mode)
meta = NULL;
+ if (reg->smax_value >= BPF_MAX_VAR_OFF ||
+ reg->smax_value <= -BPF_MAX_VAR_OFF) {
+ verbose(env, "R%d unbounded indirect variable offset stack access\n",
+ regno);
+ return -EACCES;
+ }
min_off = reg->smin_value + reg->off;
- max_off = reg->umax_value + reg->off;
+ max_off = reg->smax_value + reg->off;
err = __check_stack_boundary(env, regno, min_off, access_size,
zero_size_allowed);
- if (err)
+ if (err) {
+ verbose(env, "R%d min value is outside of stack bound\n",
+ regno);
return err;
+ }
err = __check_stack_boundary(env, regno, max_off, access_size,
zero_size_allowed);
- if (err)
+ if (err) {
+ verbose(env, "R%d max value is outside of stack bound\n",
+ regno);
return err;
+ }
}
if (meta && meta->raw_mode) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-11 05:16:50 +0000