bpf: fix max call depth check (aada9ce6) · Commits · e / devices / android_kernel_oneplus_sm7250

kernel/bpf/verifier.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -2126,9 +2126,9 @@ static int check_func_call(struct bpf_verifier_env env, struct bpf_insn insn,
		struct bpf_func_state caller, callee;
		int i, subprog, target_insn;

		if (state->curframe >= MAX_CALL_FRAMES) {
		if (state->curframe + 1 >= MAX_CALL_FRAMES) {
		verbose(env, "the call stack of %d frames is too deep\n",
		state->curframe);
		state->curframe + 2);
		return -E2BIG;
		}

+35 −0

Original line number	Diff line number	Diff line
		@@ -8884,6 +8884,41 @@ static struct bpf_test tests[] = {
		.result = REJECT,
		.errstr = "combined stack",
		},
		{
		"calls: stack depth check using three frames. test5",
		.insns = {
		/* main */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call A */
		BPF_EXIT_INSN(),
		/* A */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call B */
		BPF_EXIT_INSN(),
		/* B */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call C */
		BPF_EXIT_INSN(),
		/* C */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call D */
		BPF_EXIT_INSN(),
		/* D */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call E */
		BPF_EXIT_INSN(),
		/* E */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call F */
		BPF_EXIT_INSN(),
		/* F */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call G */
		BPF_EXIT_INSN(),
		/* G */
		BPF_RAW_INSN(BPF_JMP\|BPF_CALL, 0, 1, 0, 1), /* call H */
		BPF_EXIT_INSN(),
		/* H */
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
		},
		.prog_type = BPF_PROG_TYPE_XDP,
		.errstr = "call stack",
		.result = REJECT,
		},
		{
		"calls: spill into caller stack frame",
		.insns = {