Skip to content
Permalink
Browse files Browse the repository at this point in the history
bpf: force strict alignment checks for stack pointers
Force strict alignment checks for stack pointers because the tracking of
stack spills relies on it; unaligned stack accesses can lead to corruption
of spilled registers, which is exploitable.

Fixes: f1174f7 ("bpf/verifier: rework value tracking")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
  • Loading branch information
thejh authored and borkmann committed Dec 21, 2017
1 parent ea25f91 commit a5ec6ae
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions kernel/bpf/verifier.c
Expand Up @@ -1059,6 +1059,11 @@ static int check_ptr_alignment(struct bpf_verifier_env *env,
break;
case PTR_TO_STACK:
pointer_desc = "stack ";
/* The stack spill tracking logic in check_stack_write()
* and check_stack_read() relies on stack accesses being
* aligned.
*/
strict = true;
break;
default:
break;
Expand Down

0 comments on commit a5ec6ae

Please sign in to comment.