bpf: Remove misleading spec_v1 check on var-offset stack read

[platform/kernel/linux-starfive.git] / kernel / bpf / verifier.c

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8a9f514..32ea9aa 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3518,17 +3518,13 @@ static int check_stack_read(struct bpf_verifier_env *env,
        }
        /* Variable offset is prohibited for unprivileged mode for simplicity
         * since it requires corresponding support in Spectre masking for stack
-        * ALU. See also retrieve_ptr_limit().
+        * ALU. See also retrieve_ptr_limit(). The check in
+        * check_stack_access_for_ptr_arithmetic() called by
+        * adjust_ptr_min_max_vals() prevents users from creating stack pointers
+        * with variable offsets, therefore no check is required here. Further,
+        * just checking it here would be insufficient as speculative stack
+        * writes could still lead to unsafe speculative behaviour.
         */
-       if (!env->bypass_spec_v1 && var_off) {
-               char tn_buf[48];
-
-               tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-               verbose(env, "R%d variable offset stack access prohibited for !root, var_off=%s\n",
-                               ptr_regno, tn_buf);
-               return -EACCES;
-       }
-
        if (!var_off) {
                off += reg->var_off.value;
                err = check_stack_read_fixed_off(env, state, off, size,