bpf: Fix extable address check.
authorAlexei Starovoitov <ast@kernel.org>
Wed, 15 Dec 2021 03:25:13 +0000 (19:25 -0800)
committerDaniel Borkmann <daniel@iogearbox.net>
Thu, 16 Dec 2021 20:41:04 +0000 (21:41 +0100)
commit588a25e92458c6efeb7a261d5ca5726f5de89184
treef1cc569bf341ba9c79283cff213b5e3beb5762f8
parent433956e91200734d09958673a56df02d00a917c2
bpf: Fix extable address check.

The verifier checks that PTR_TO_BTF_ID pointer is either valid or NULL,
but it cannot distinguish IS_ERR pointer from valid one.

When offset is added to IS_ERR pointer it may become small positive
value which is a user address that is not handled by extable logic
and has to be checked for at the runtime.

Tighten BPF_PROBE_MEM pointer check code to prevent this case.

Fixes: 4c5de127598e ("bpf: Emit explicit NULL pointer checks for PROBE_LDX instructions.")
Reported-by: Lorenzo Fontana <lorenzo.fontana@elastic.co>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
arch/x86/net/bpf_jit_comp.c