
Commit a5ec6ae

thejh authored and borkmann committed
bpf: force strict alignment checks for stack pointers
Force strict alignment checks for stack pointers because the tracking of stack spills relies on it; unaligned stack accesses can lead to corruption of spilled registers, which is exploitable.

Fixes: f1174f7 ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
1 parent ea25f91 commit a5ec6ae

1 file changed: +5 -0 lines changed


kernel/bpf/verifier.c

@@ -1059,6 +1059,11 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
10591059
break;
10601060
case PTR_TO_STACK:
10611061
pointer_desc = "stack ";
1062+
/* The stack spill tracking logic in check_stack_write()
1063+
* and check_stack_read() relies on stack accesses being
1064+
* aligned.
1065+
*/
1066+
strict = true;
10621067
break;
10631068
default:
10641069
break;
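
Review bot: The comment above `strict = true;` in the PTR_TO_STACK case names the code that depends on alignment (check_stack_write() and check_stack_read()) but not what breaks without it. The commit message says unaligned stack accesses can corrupt spilled registers, and putting that consequence in the comment would stop a later cleanup from treating the override as a performance-only choice. The change also touches only kernel/bpf/verifier.c, so nothing here exercises the new rejection path. A verifier test that performs a misaligned stack access and expects the program to be refused would guard against regressions.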
