aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--kernel/bpf/verifier.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 9ac205d1b8b7..eebbc03e5af2 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3081,8 +3081,8 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
3081 smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value; 3081 smin_ptr = ptr_reg->smin_value, smax_ptr = ptr_reg->smax_value;
3082 u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value, 3082 u64 umin_val = off_reg->umin_value, umax_val = off_reg->umax_value,
3083 umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value; 3083 umin_ptr = ptr_reg->umin_value, umax_ptr = ptr_reg->umax_value;
3084 u32 dst = insn->dst_reg, src = insn->src_reg;
3084 u8 opcode = BPF_OP(insn->code); 3085 u8 opcode = BPF_OP(insn->code);
3085 u32 dst = insn->dst_reg;
3086 3086
3087 dst_reg = &regs[dst]; 3087 dst_reg = &regs[dst];
3088 3088
@@ -3115,6 +3115,13 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
3115 verbose(env, "R%d pointer arithmetic on %s prohibited\n", 3115 verbose(env, "R%d pointer arithmetic on %s prohibited\n",
3116 dst, reg_type_str[ptr_reg->type]); 3116 dst, reg_type_str[ptr_reg->type]);
3117 return -EACCES; 3117 return -EACCES;
3118 case PTR_TO_MAP_VALUE:
3119 if (!env->allow_ptr_leaks && !known && (smin_val < 0) != (smax_val < 0)) {
3120 verbose(env, "R%d has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root\n",
3121 off_reg == dst_reg ? dst : src);
3122 return -EACCES;
3123 }
3124 /* fall-through */
3118 default: 3125 default:
3119 break; 3126 break;
3120 } 3127 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-07 05:29:14 -0400