X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=kernel%2Fbpf%2Fverifier.c;h=32ea9aaa8b8db68c2c7ca654cbae3441cdabcdc1;hb=157c84b793e721ddede6de5ced52f9394ea1a2c0;hp=8a9f5143bbd1fc16779a95047fb4d9fd4f2e4699;hpb=b73438a4a63f00b90b5ab1c749613ef7bcee9af4;p=platform%2Fkernel%2Flinux-starfive.git

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8a9f514..32ea9aa 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3518,17 +3518,13 @@ static int check_stack_read(struct bpf_verifier_env *env,
 	}
 	/* Variable offset is prohibited for unprivileged mode for simplicity
 	 * since it requires corresponding support in Spectre masking for stack
-	 * ALU. See also retrieve_ptr_limit().
+	 * ALU. See also retrieve_ptr_limit(). The check in
+	 * check_stack_access_for_ptr_arithmetic() called by
+	 * adjust_ptr_min_max_vals() prevents users from creating stack pointers
+	 * with variable offsets, therefore no check is required here. Further,
+	 * just checking it here would be insufficient as speculative stack
+	 * writes could still lead to unsafe speculative behaviour.
 	 */
-	if (!env->bypass_spec_v1 && var_off) {
-		char tn_buf[48];
-
-		tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);
-		verbose(env, "R%d variable offset stack access prohibited for !root, var_off=%s\n",
-				ptr_regno, tn_buf);
-		return -EACCES;
-	}
-
 	if (!var_off) {
 		off += reg->var_off.value;
 		err = check_stack_read_fixed_off(env, state, off, size,