git.ipfire.org Git - thirdparty/kernel/stable.git/commit
bpf: Fix stackmap overflow check in __bpf_get_stackid()
author Arnaud Lecomte <contact@arnaud-lcm.com>
Sat, 25 Oct 2025 19:29:41 +0000 (19:29 +0000)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 Dec 2025 13:02:42 +0000 (14:02 +0100)
commit 4669a8db976c8cbd5427fe9945f12c5fa5168ff3
tree 6772be4ac77e396938bb93e654d1df8bea512d52
parent 8fc78e468f9e4dfaa278a84d0b349e2f773aa19b
bpf: Fix stackmap overflow check in __bpf_get_stackid()

[ Upstream commit 23f852daa4bab4d579110e034e4d513f7d490846 ]

Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()
when copying stack trace data. The issue occurs when the perf trace
contains more stack entries than the stack map bucket can hold,
leading to an out-of-bounds write in the bucket's data array.

Fixes: ee2a098851bf ("bpf: Adjust BPF stack helper functions to accommodate skip > 0")
Reported-by: syzbot+c9b724fbb41cf2538b7b@syzkaller.appspotmail.com
Signed-off-by: Arnaud Lecomte <contact@arnaud-lcm.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/bpf/20251025192941.1500-1-contact@arnaud-lcm.com
Closes: https://syzkaller.appspot.com/bug?extid=c9b724fbb41cf2538b7b
Signed-off-by: Sasha Levin <sashal@kernel.org>
kernel/bpf/stackmap.c