| author | Alexei Starovoitov <ast@kernel.org> | 2026-01-13 19:35:14 -0800 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2026-01-13 19:37:10 -0800 |
| commit | 46c76760febfb14618d88f6a01fca2d93d003082 (patch) | |
| tree | 190beda62990f3fe6f593ff1143f43e015d16792 /kernel | |
| parent | bbdbed193bcf57f1e9c0d9d58c3ad3350bfd0bd1 (diff) | |
| parent | c656807675e09604af09a4b9f3ea466af91b7b7a (diff) | |
Merge branch 'properly-load-insn-array-values-with-offsets'
Anton Protopopov says:
====================
properly load insn array values with offsets
As was reported by the BPF CI bot in [1] the direct address
of an instruction array returned by map_direct_value_addr()
is incorrect if the offset is non-zero. Fix this bug and
add selftests.
Also (commit 2), return EACCES instead of EINVAL when offsets
aren't correct.
[1] https://lore.kernel.org/bpf/0447c47ac58306546a5dbdbad2601f3e77fa8eb24f3a4254dda3a39f6133e68f@mail.kernel.org/
====================
Link: https://patch.msgid.link/20260111153047.8388-1-a.s.protopopov@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/bpf/bpf_insn_array.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kernel/bpf/bpf_insn_array.c b/kernel/bpf/bpf_insn_array.c index c96630cb75bf..c0286f25ca3c 100644 --- a/kernel/bpf/bpf_insn_array.c +++ b/kernel/bpf/bpf_insn_array.c @@ -123,10 +123,10 @@ static int insn_array_map_direct_value_addr(const struct bpf_map *map, u64 *imm, if ((off % sizeof(long)) != 0 || (off / sizeof(long)) >= map->max_entries) - return -EINVAL; + return -EACCES; /* from BPF's point of view, this map is a jump table */ - *imm = (unsigned long)insn_array->ips + off; + *imm = (unsigned long)insn_array->ips; return 0; } |
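Review bot: in insn_array_map_direct_value_addr(), the last changed line leaves `off` validated (aligned to `sizeof(long)` and `off / sizeof(long)` below `map->max_entries`) but no longer used in `*imm`, which is now always the base of `insn_array->ips`. Nothing in the function says who applies the offset, so a later reader could reintroduce the `+ off` and double-count it, or a new caller could forget to add it. Extend the existing "jump table" comment to state that the function returns the base address and, if that is the contract, that the caller adds `off`. The `-EINVAL` to `-EACCES` change on the bounds check alters the errno reported for a misaligned or out-of-range offset; a one-line comment on why this is an access error rather than an invalid argument would help, since the message above only says the offsets "aren't correct".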
