Skip to content

Commit 7c1a3fc

Browse files
pchaignogregkh
authored andcommitted
bpf: Check flow_dissector ctx accesses are aligned
[ Upstream commit ead3d7b ] flow_dissector_is_valid_access doesn't check that the context access is aligned. As a consequence, an unaligned access within one of the exposed field is considered valid and later rejected by flow_dissector_convert_ctx_access when we try to convert it. The later rejection is problematic because it's reported as a verifier bug with a kernel warning and doesn't point to the right instruction in verifier logs. Fixes: d58e468 ("flow_dissector: implements flow dissector BPF hook") Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=ccac90e482b2a81d74aa Signed-off-by: Paul Chaignon <[email protected]> Acked-by: Yonghong Song <[email protected]> Acked-by: Eduard Zingerman <[email protected]> Link: https://lore.kernel.org/r/cc1b036be484c99be45eddf48bd78cc6f72839b1.1754039605.git.paul.chaignon@gmail.com Signed-off-by: Alexei Starovoitov <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
1 parent 3fe7639 commit 7c1a3fc

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

net/core/filter.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9449,6 +9449,9 @@ static bool flow_dissector_is_valid_access(int off, int size,
94499449
if (off < 0 || off >= sizeof(struct __sk_buff))
94509450
return false;
94519451

9452+
if (off % size != 0)
9453+
return false;
9454+
94529455
if (type == BPF_WRITE)
94539456
return false;
94549457

0 commit comments

Comments
 (0)