From: Daniel Borkmann Date: Fri, 22 Dec 2017 15:23:09 +0000 (+0100) Subject: bpf: force strict alignment checks for stack pointers X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=c90268f7cbee0781331b96d1423d0f28a6183889;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git bpf: force strict alignment checks for stack pointers From: Jann Horn [ Upstream commit a5ec6ae161d72f01411169a938fa5f8baea16e8f ] Force strict alignment checks for stack pointers because the tracking of stack spills relies on it; unaligned stack accesses can lead to corruption of spilled registers, which is exploitable. Fixes: f1174f77b50c ("bpf/verifier: rework value tracking") Signed-off-by: Jann Horn Signed-off-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann Signed-off-by: Greg Kroah-Hartman --- diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 8aa98a0591d6..8c353554628e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -1061,6 +1061,11 @@ static int check_ptr_alignment(struct bpf_verifier_env *env, break; case PTR_TO_STACK: pointer_desc = "stack "; + /* The stack spill tracking logic in check_stack_write() + * and check_stack_read() relies on stack accesses being + * aligned. + */ + strict = true; break; default: break;
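Review bot: In the `PTR_TO_STACK` case of check_ptr_alignment(), the new comment names check_stack_write() and check_stack_read() as depending on aligned accesses but does not say what goes wrong otherwise. The commit message does: unaligned stack accesses can corrupt spilled registers. Put that consequence in the comment, so a later reader does not treat `strict = true;` as a tunable and relax it. The assignment also unconditionally overrides whatever value `strict` held on entry for stack pointers, so it is worth stating in the comment that this is deliberate and applies regardless of the platform's alignment settings. The invariant is enforced only here, away from the spill-tracking code that needs it, so a short cross-reference in check_stack_write() and check_stack_read() would help. The diff as shown touches only kernel/bpf/verifier.c. A verifier test case asserting that a misaligned stack access is rejected would guard against regression.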