git.ipfire.org Git - thirdparty/kernel/linux.git/commit
bpf: poison dead stack slots
author Alexei Starovoitov <ast@kernel.org>
Fri, 10 Apr 2026 20:56:05 +0000 (13:56 -0700)
committer Alexei Starovoitov <ast@kernel.org>
Fri, 10 Apr 2026 22:13:38 +0000 (15:13 -0700)
commit 2cb27158adb38f1a78729e99f7469199d71c714a
tree c5802af061e4ae3e25cb25ebb3ccd53039b3dffa
parent 27417e5eb9cd4151320866e0b2cca0c612f1cdf7
bpf: poison dead stack slots

As a sanity check, poison stack slots that stack liveness determined
to be dead, so that any read from such slots will cause program rejection.
If the stack liveness logic is incorrect, the poison can cause
a valid program to be rejected, but it will also prevent an unsafe program
from being accepted.

Allow global subprogs to "read" poisoned stack slots.
The static stack liveness determined that the subprog doesn't read certain
stack slots, but sizeof(arg_type) based global subprog validation
isn't accurate enough to know which slots will actually be read by
the callee, so it needs to check the full sizeof(arg_type) at the caller.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260410-patch-set-v4-14-5d4eecb343db@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
include/linux/bpf_verifier.h
kernel/bpf/log.c
kernel/bpf/verifier.c
tools/testing/selftests/bpf/progs/verifier_spill_fill.c
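
A simplified model of the check the commit message describes, as an added example that is not code from this commit or from the kernel. The slot states, function names, the 8-slot stack and the choice to poison only written slots are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified slot states; not the kernel's definitions. */
enum slot_state { SLOT_INVALID, SLOT_INIT, SLOT_POISON };
#define NSLOTS 8

/* Poison written slots whose bit is clear in live_mask (reported dead). */
static void poison_dead_slots(enum slot_state *stack, uint32_t live_mask)
{
	for (size_t i = 0; i < NSLOTS; i++)
		if (!(live_mask & (1u << i)) && stack[i] == SLOT_INIT)
			stack[i] = SLOT_POISON;
}

/* Read of slots [first, first + n). Poison rejects the program unless the
 * range is a global subprog argument, which the caller checks in full. */
static bool stack_read_ok(const enum slot_state *stack, size_t first,
			  size_t n, bool global_subprog_arg)
{
	if (first > NSLOTS || n > NSLOTS - first)
		return false;
	for (size_t i = first; i < first + n; i++) {
		if (stack[i] == SLOT_INVALID)
			return false;	/* never written: always rejected */
		if (stack[i] == SLOT_POISON && !global_subprog_arg)
			return false;	/* liveness said dead, yet it is read */
	}
	return true;
}

/* Constructed scenario: slots 0-3 written, liveness reports only 0-1 live. */
static void setup(enum slot_state *stack)
{
	for (size_t i = 0; i < NSLOTS; i++)
		stack[i] = i < 4 ? SLOT_INIT : SLOT_INVALID;
	poison_dead_slots(stack, 0x3);
}

int main(void)
{
	enum slot_state stack[NSLOTS];
	setup(stack);
	printf("live read: %d\n", stack_read_ok(stack, 0, 2, false));
	printf("dead read: %d\n", stack_read_ok(stack, 2, 1, false));
	printf("global subprog arg: %d\n", stack_read_ok(stack, 0, 4, true));
	return 0;
}
```

In this model, a direct read of slot 2 is rejected because liveness reported it dead, while the same slot inside a global subprog argument range is tolerated; a never-written slot is rejected in both cases.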