author Jann Horn <jannh@google.com> 2017-12-18 20:11:58 -0800
committer Daniel Borkmann <daniel@iogearbox.net> 2017-12-21 02:15:41 +0100
commit a5ec6ae161d72f01411169a938fa5f8baea16e8f (patch)
tree ac35208d260c569dff7eb526c5db93536e07b0f5 /kernel
parent ea25f914dc164c8d56b36147ecc86bc65f83c469 (diff)
bpf: force strict alignment checks for stack pointers
Force strict alignment checks for stack pointers because the tracking of stack spills relies on it; unaligned stack accesses can lead to corruption of spilled registers, which is exploitable.

Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Diffstat (limited to 'kernel')
-rw-r--r-- kernel/bpf/verifier.c 5
1 files changed, 5 insertions, 0 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 77e4b5223867..102c519836f6 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1059,6 +1059,11 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
break;
case PTR_TO_STACK:
pointer_desc = "stack ";
+ /* The stack spill tracking logic in check_stack_write()
+ * and check_stack_read() relies on stack accesses being
+ * aligned.
+ */
+ strict = true;
break;
default:
break;
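Review bot: The comment added in the PTR_TO_STACK case says the spill tracking in check_stack_write() and check_stack_read() "relies on stack accesses being aligned" but does not say what goes wrong otherwise. The commit message does (unaligned stack accesses can corrupt spilled registers), and carrying that consequence into the comment would stop a later cleanup from treating `strict = true;` as redundant. The assignment also overrides whatever value `strict` held before the switch for this pointer type, so the comment should say that forcing it here is intentional rather than a default. The diffstat shown is limited to kernel/, so it is not visible whether a verifier test accompanies the fix; a case that performs a misaligned stack store or load and expects the program to be rejected would pin this behaviour.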