Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@xxxxxxxxxx>:
On Tue, 23 Jul 2024 08:34:39 -0700 you wrote:
> syzbot reported a kernel crash due to
> commit 1f1e864b6555 ("bpf: Handle sign-extenstin ctx member accesses").
> The reason is due to sign-extension of 32-bit load for
> packet data/data_end/data_meta uapi field.
>
> The original code looks like:
> r2 = *(s32 *)(r1 + 76) /* load __sk_buff->data */
> r3 = *(u32 *)(r1 + 80) /* load __sk_buff->data_end */
> r0 = r2
> r0 += 8
> if r3 > r0 goto +1
> ...
> Note that __sk_buff->data load has 32-bit sign extension.
>
> [...]
Here is the summary with links:
- [bpf-next,v3,1/2] bpf: Fail verification for sign-extension of packet data/data_end/data_meta
https://git.kernel.org/bpf/bpf-next/c/8924c0a1d51b
- [bpf-next,v3,2/2] selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses
https://git.kernel.org/bpf/bpf-next/c/eb1b55c4875a
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
