Commit b08acd5c authored by Andrii Nakryiko, committed by Greg Kroah-Hartman

bpf: handle ldimm64 properly in check_cfg()
[ Upstream commit 3feb263b ]

ldimm64 instructions are 16 bytes long, and so have to be handled
appropriately in check_cfg(), just like the rest of BPF verifier does.

This has implications in three places:
  - when determining next instruction for non-jump instructions;
  - when determining next instruction for callback address ldimm64
    instructions (in visit_func_call_insn());
  - when checking for unreachable instructions, where the second half of
    ldimm64 is expected to be unreachable.

We take this also as an opportunity to report jump into the middle of
ldimm64. And adjust a few test_verifier tests accordingly.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Reported-by: Hao Sun <sunhao.th@gmail.com>
Fixes: 475fb78f ("bpf: verifier (add branch/goto checks)")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20231110002638.4168352-2-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent 2c795ce0
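To make the three places listed in the commit message concrete, the following is an added example, not code from the kernel or from this commit: a deliberately reduced check_cfg()-style walk over a constructed BPF instruction array. The struct bpf_insn layout, the opcode byte values, BPF_PSEUDO_FUNC, the error strings and the sample programs are all assumed, hand-copied approximations rather than the kernel's headers or its test_verifier cases; every BPF_JMP-class opcode other than JA and EXIT is treated as a conditional branch, and BPF_CALL is not modelled. The walk treats an ldimm64 as two slots (fall-through to t + 2), follows the extra subprog edge of a callback-address ldimm64, and in the final pass skips the second half of every ldimm64 while rejecting any program where that half was reached by an edge.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, reduced copy of the kernel's struct bpf_insn; illustration only. */
struct bpf_insn {
	uint8_t code;
	uint8_t dst_reg:4;
	uint8_t src_reg:4;
	int16_t off;
	int32_t imm;
};

#define OP_LDIMM64      0x18	/* BPF_LD | BPF_IMM | BPF_DW: 16 bytes, two slots */
#define OP_MOV64_K      0xb7	/* BPF_ALU64 | BPF_MOV | BPF_K */
#define OP_JEQ_K        0x15	/* BPF_JMP | BPF_JEQ | BPF_K */
#define OP_JA           0x05	/* BPF_JMP | BPF_JA */
#define OP_EXIT         0x95	/* BPF_JMP | BPF_EXIT */
#define IS_JMP(c)       (((c) & 0x07) == 0x05)	/* any BPF_JMP-class opcode */
#define BPF_PSEUDO_FUNC 4	/* src_reg marking a callback-address ldimm64 (assumed) */
#define MAX_INSNS       64
#define PROG_LEN(p)     ((int)(sizeof(p) / sizeof((p)[0])))

char cfg_err[96];	/* verifier-style message from the last failed check */
static int fail(const char *fmt, int arg)
{
	snprintf(cfg_err, sizeof(cfg_err), fmt, arg);
	return -22;	/* -EINVAL */
}

/* Simplified check_cfg(): DFS from insn 0; returns 0, or -22 with cfg_err set.
 * ldimm64 takes two slots: fall-through is t + 2 and the second half is never a target. */
int check_cfg_simple(const struct bpf_insn *insns, int n)
{
	bool visited[MAX_INSNS] = { false };
	int stack[2 * MAX_INSNS + 1], sp = 0, i;
	if (n <= 0 || n > MAX_INSNS)
		return fail("unsupported program length %d", n);
	stack[sp++] = 0;
	while (sp > 0) {
		int t = stack[--sp], sz = 1;
		const struct bpf_insn *insn;
		if (t < 0 || t >= n)
			return fail("jump out of range to insn %d", t);
		if (visited[t])
			continue;
		visited[t] = true;
		insn = &insns[t];
		if (insn->code == OP_LDIMM64) {
			if (t + 1 >= n)
				return fail("incomplete ldimm64 insn %d", t);
			sz = 2;	/* 16-byte insn: fall through to t + 2, not t + 1 */
			/* callback address: its subprog is reachable too (visit_func_call_insn()) */
			if (insn->src_reg == BPF_PSEUDO_FUNC)
				stack[sp++] = t + insn->imm + 1;
		}
		if (insn->code == OP_EXIT)
			continue;	/* no successors */
		if (insn->code != OP_JA)
			stack[sp++] = t + sz;	/* fall-through edge */
		if (IS_JMP(insn->code))
			stack[sp++] = t + insn->off + 1;	/* branch edge of JA and conditionals */
	}
	for (i = 0; i < n; i++) {
		if (!visited[i])
			return fail("unreachable insn %d", i);
		if (insns[i].code == OP_LDIMM64) {
			if (visited[i + 1])
				return fail("jump into the middle of ldimm64 insn %d", i);
			i++;	/* second half is expected to be unreachable: skip it */
		}
	}
	return 0;
}

#define I(c, d, s, o, im) { .code = (c), .dst_reg = (d), .src_reg = (s), .off = (o), .imm = (im) }
#define LDIMM64(d, s, lo, hi) I(OP_LDIMM64, d, s, 0, lo), I(0, 0, 0, 0, hi)

/* Constructed sample programs (not the kernel's test_verifier cases). */
static const struct bpf_insn prog_ok[] = {
	LDIMM64(0, 0, 0x55667788, 0x11223344),	/* 0-1: r0 = 0x1122334455667788 */
	I(OP_JEQ_K, 0, 0, 1, 0),		/* 2:   if r0 == 0 goto 4 */
	I(OP_MOV64_K, 0, 0, 0, 1),		/* 3:   r0 = 1 */
	I(OP_EXIT, 0, 0, 0, 0),			/* 4 */
};
static const struct bpf_insn prog_mid[] = {
	LDIMM64(0, 0, 0x55667788, 0x11223344),	/* 0-1 */
	I(OP_MOV64_K, 1, 0, 0, 0),		/* 2:   r1 = 0 */
	I(OP_JEQ_K, 1, 0, -3, 1),		/* 3:   if r1 == 1 goto 1, the middle of insn 0 */
	I(OP_EXIT, 0, 0, 0, 0),			/* 4 */
};
static const struct bpf_insn prog_cb[] = {
	LDIMM64(1, BPF_PSEUDO_FUNC, 2, 0),	/* 0-1: r1 = callback subprog at 0 + 2 + 1 = 3 */
	I(OP_EXIT, 0, 0, 0, 0),			/* 2 */
	I(OP_MOV64_K, 0, 0, 0, 0),		/* 3:   reachable only through the callback edge */
	I(OP_EXIT, 0, 0, 0, 0),			/* 4 */
};
```

check_cfg_simple(prog_ok, PROG_LEN(prog_ok)) and check_cfg_simple(prog_cb, PROG_LEN(prog_cb)) return 0; prog_mid is rejected with "jump into the middle of ldimm64 insn 0". Passing a shortened length for prog_cb shows the other two failure modes: with n = 3 the callback edge to insn 3 is reported as out of range, and with n = 1 the lone first half is reported as an incomplete ldimm64. Note that a walk using a stride of 1 for every instruction would have marked the second half of each ldimm64 reachable and happily accepted prog_mid, which is exactly the gap the commit closes.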