git.ipfire.org Git - thirdparty/kernel/stable.git/commit
bpf: handle ldimm64 properly in check_cfg()
author Andrii Nakryiko <andrii@kernel.org>
Fri, 10 Nov 2023 00:26:36 +0000 (16:26 -0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 10 Jan 2024 16:10:29 +0000 (17:10 +0100)
commit b08acd5c4602365e6443226a65c9ed2809cd85b0
tree 0bc4a4f51af2b1a06795065979fd0d4aae945f60
parent 2c795ce09042c9c84f97907b5a95e09895c69686
bpf: handle ldimm64 properly in check_cfg()

[ Upstream commit 3feb263bb516ee7e1da0acd22b15afbb9a7daa19 ]

ldimm64 instructions are 16 bytes long, and so have to be handled
appropriately in check_cfg(), just like the rest of the BPF verifier does.

This has implications in three places:
  - when determining the next instruction for non-jump instructions;
  - when determining the next instruction for callback address ldimm64
    instructions (in visit_func_call_insn());
  - when checking for unreachable instructions, where the second half of
    ldimm64 is expected to be unreachable.

We also take this as an opportunity to report a jump into the middle of
ldimm64, and adjust a few test_verifier tests accordingly.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Reported-by: Hao Sun <sunhao.th@gmail.com>
Fixes: 475fb78fbf48 ("bpf: verifier (add branch/goto checks)")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231110002638.4168352-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
include/linux/bpf.h
kernel/bpf/verifier.c
tools/testing/selftests/bpf/verifier/ld_imm64.c