Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fdbaa0be authored by Martin KaFai Lau's avatar Martin KaFai Lau Committed by Alexei Starovoitov
Browse files

bpf: Ensure line_info.insn_off cannot point to insn with zero code 



This patch rejects a line_info if the bpf insn code referred by
line_info.insn_off is 0. F.e. a broken userspace tool might generate
a line_info.insn_off that points to the second 8 bytes of a BPF_LD_IMM64.

Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent 9e88b931

kernel/bpf/verifier.c

+8 −0
Original line number Diff line number Diff line
@@ -4980,6 +4980,14 @@ static int check_btf_line(struct bpf_verifier_env *env, 
			goto err_free;

		}



		if (!prog->insnsi[linfo[i].insn_off].code) {

			verbose(env,

				"Invalid insn code at line_info[%u].insn_off\n",

				i);

			err = -EINVAL;

			goto err_free;

		}



		if (!btf_name_by_offset(btf, linfo[i].line_off) ||

		    !btf_name_by_offset(btf, linfo[i].file_name_off)) {

			verbose(env, "Invalid line_info[%u].line_off or .file_name_off\n", i);