Adding upstream version 6.1.85.upstream/6.1.85

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-16 03:22:47 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-16 03:22:47 +0000
commit: 31d3cc774e9124f10d3ed2ea144a6e232e93e822 (patch)
tree: de1ac8afc7248eec4b2fb60496b8e9273452d9f7 /kernel/bpf/verifier.c
parent: Adding upstream version 6.1.82. (diff)
download: linux-31d3cc774e9124f10d3ed2ea144a6e232e93e822.tar.xz
linux-31d3cc774e9124f10d3ed2ea144a6e232e93e822.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1a29ac4db..27cc6e3db 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4965,6 +4965,11 @@ static int check_stack_access_within_bounds(
 	err = check_stack_slot_within_bounds(min_off, state, type);
 	if (!err && max_off > 0)
 		err = -EINVAL; /* out of stack access into non-negative offsets */
+	if (!err && access_size < 0)
+		/* access_size should not be negative (or overflow an int); others checks
+		 * along the way should have prevented such an access.
+		 */
+		err = -EFAULT; /* invalid negative access size; integer overflow? */
 
 	if (err) {
 		if (tnum_is_const(reg->var_off)) {
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-16 03:22:47 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-16 03:22:47 +0000
commit	31d3cc774e9124f10d3ed2ea144a6e232e93e822 (patch)
tree	de1ac8afc7248eec4b2fb60496b8e9273452d9f7 /kernel/bpf/verifier.c
parent	Adding upstream version 6.1.82. (diff)
download	linux-31d3cc774e9124f10d3ed2ea144a6e232e93e822.tar.xz linux-31d3cc774e9124f10d3ed2ea144a6e232e93e822.zip