aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/bpf/verifier.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index a08d66215245..d54e34874579 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -683,15 +683,11 @@ static int check_packet_access(struct verifier_env *env, u32 regno, int off,
683{ 683{
684 struct reg_state *regs = env->cur_state.regs; 684 struct reg_state *regs = env->cur_state.regs;
685 struct reg_state *reg = &regs[regno]; 685 struct reg_state *reg = &regs[regno];
686 int linear_size = (int) reg->range - (int) reg->off;
687 686
688 if (linear_size < 0 || linear_size >= MAX_PACKET_OFF) { 687 off += reg->off;
689 verbose("verifier bug\n"); 688 if (off < 0 || off + size > reg->range) {
690 return -EFAULT; 689 verbose("invalid access to packet, off=%d size=%d, R%d(id=%d,off=%d,r=%d)\n",
691 } 690 off, size, regno, reg->id, reg->off, reg->range);
692 if (off < 0 || off + size > linear_size) {
693 verbose("invalid access to packet, off=%d size=%d, allowed=%d\n",
694 off, size, linear_size);
695 return -EACCES; 691 return -EACCES;
696 } 692 }
697 return 0; 693 return 0;
generated by cgit v1.2.2 (git 2.25.0) at 2026-05-29 21:38:25 -0400