Merge branch 'bpf: Fix out-of-bound issue when jit-ing bpf_pseudo_func'

Martin KaFai says: ==================== This set fixes an out-of-bound access issue when jit-ing the bpf_pseudo_func insn (i.e. ld_imm64 with src_reg == BPF_PSEUDO_FUNC) ==================== Reported-by: Yonatan Komornik <yoniko@gmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
author: Alexei Starovoitov <ast@kernel.org> 2021-11-06 12:54:13 -0700
committer: Alexei Starovoitov <ast@kernel.org> 2021-11-06 13:22:15 -0700
commit: 47b3708c6088a60e7dc3b809dbb0d4c46590b32f (patch)
tree: 54810b9f3412a1609a829507bf943ae58e88b243 /include/linux
parent: 70bf363d7adb3a428773bc905011d0ff923ba747 (diff)
parent: d99341b373215cf32bfb7f341fb3e720e0e791ef (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2be6dfd68df9..f715e8863f4d 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -484,6 +484,12 @@ bpf_ctx_record_field_size(struct bpf_insn_access_aux *aux, u32 size)
 	aux->ctx_field_size = size;
 }
 
+static inline bool bpf_pseudo_func(const struct bpf_insn *insn)
+{
+	return insn->code == (BPF_LD | BPF_IMM | BPF_DW) &&
+	       insn->src_reg == BPF_PSEUDO_FUNC;
+}
+
 struct bpf_prog_ops {
 	int (*test_run)(struct bpf_prog *prog, const union bpf_attr *kattr,
 			union bpf_attr __user *uattr);
author	Alexei Starovoitov <ast@kernel.org>	2021-11-06 12:54:13 -0700
committer	Alexei Starovoitov <ast@kernel.org>	2021-11-06 13:22:15 -0700
commit	47b3708c6088a60e7dc3b809dbb0d4c46590b32f (patch)
tree	54810b9f3412a1609a829507bf943ae58e88b243 /include/linux
parent	70bf363d7adb3a428773bc905011d0ff923ba747 (diff)
parent	d99341b373215cf32bfb7f341fb3e720e0e791ef (diff)