bpf: Return proper address for non-zero offsets in insn array

The map_direct_value_addr() function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolve_pseudo_ldimm64() function adds the offset. Fix it. Corresponding selftests are added in a consequent commit. Fixes: 493d9e0d6083 ("bpf, x86: add support for indirect jumps") Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com> Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com> Link: https://lore.kernel.org/r/20260111153047.8388-2-a.s.protopopov@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Anton Protopopov <a.s.protopopov@gmail.com> 2026-01-11 15:30:45 +0000
committer: Alexei Starovoitov <ast@kernel.org> 2026-01-13 19:35:47 -0800
commit: e3bd7bdf5ffe49d8381e42843f6e98cd0c78a1e8 (patch)
tree: 879cf86ba30051c1c3ee97e00bede9aa9896e168
parent: bbdbed193bcf57f1e9c0d9d58c3ad3350bfd0bd1 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/bpf/bpf_insn_array.c b/kernel/bpf/bpf_insn_array.c
index c96630cb75bf..37b43102953e 100644
--- a/kernel/bpf/bpf_insn_array.c
+++ b/kernel/bpf/bpf_insn_array.c
@@ -126,7 +126,7 @@ static int insn_array_map_direct_value_addr(const struct bpf_map *map, u64 *imm,
 		return -EINVAL;
 
 	/* from BPF's point of view, this map is a jump table */
-	*imm = (unsigned long)insn_array->ips + off;
+	*imm = (unsigned long)insn_array->ips;
 
 	return 0;
 }
author	Anton Protopopov <a.s.protopopov@gmail.com>	2026-01-11 15:30:45 +0000
committer	Alexei Starovoitov <ast@kernel.org>	2026-01-13 19:35:47 -0800
commit	e3bd7bdf5ffe49d8381e42843f6e98cd0c78a1e8 (patch)
tree	879cf86ba30051c1c3ee97e00bede9aa9896e168
parent	bbdbed193bcf57f1e9c0d9d58c3ad3350bfd0bd1 (diff)