Unverified Commit d7f41c94 authored Jun 06, 2024 by openeuler-ci-bot Committed by Gitee Jun 06, 2024

!7930 bpf: Protect against int overflow for stack access size

Merge Pull Request from: @ci-robot 
 
PR sync from: Pu Lehui <pulehui@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/QGO3OU6UYDGLVWF5I5HE6MMUJNJACB6X/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9QG3A 
 
Link:https://gitee.com/openeuler/kernel/pulls/7930

 

Reviewed-by: Ye Weihua <yeweihua4@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents 47eea6b3 f732655e

kernel/bpf/verifier.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -3946,6 +3946,11 @@ static int check_stack_access_within_bounds(
		err = check_stack_slot_within_bounds(env, min_off, state, type);
		if (!err && max_off > 0)
		err = -EINVAL; /* out of stack access into non-negative offsets */
		if (!err && access_size < 0)
		/* access_size should not be negative (or overflow an int); others checks
		* along the way should have prevented such an access.
		*/
		err = -EFAULT; /* invalid negative access size; integer overflow? */

		if (err) {
		if (tnum_is_const(reg->var_off)) {