On Mon, Feb 24, 2025 at 4:39 PM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> In addition to warning, abort verification with -EFAULT.
> If env->cur_state->loop_entry != NULL something is irrecoverably
> buggy.
>
> Fixes: bbbc02b7445e ("bpf: copy_verifier_state() should copy 'loop_entry' field")
> Suggested-by: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
> Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
> ---
>  kernel/bpf/verifier.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>

that works as well, thanks

Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>

> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 5c9b7464ec2c..942c0d2df258 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -19340,8 +19340,10 @@ static int do_check(struct bpf_verifier_env *env)
> return err;
> break;
> } else {
> - if (WARN_ON_ONCE(env->cur_state->loop_entry))
> - env->cur_state->loop_entry = NULL;
> + if (WARN_ON_ONCE(env->cur_state->loop_entry)) {
> + verbose(env, "verifier bug: env->cur_state->loop_entry != NULL\n");
> + return -EFAULT;
> + }
> do_print_state = true;
> continue;
> }
> --
> 2.48.1
>
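Review bot: the hunk at do_check() replaces a silent recovery (`env->cur_state->loop_entry = NULL;` followed by `continue;`) with a hard failure, and that is the right call for this condition: a stale loop_entry pointer left in cur_state at this point means the verifier's own bookkeeping is inconsistent, so clearing it and carrying on would let verification proceed on a state the verifier cannot vouch for, whereas `return -EFAULT` rejects the program outright. Two things worth noting in the commit message or a follow-up: WARN_ON_ONCE() fires only on the first occurrence per boot, so the added `verbose(env, "verifier bug: ...")` line is the only per-load diagnostic a user or fuzzer will see, and callers that previously observed a successful load in this situation will now get -EFAULT (the verifier's conventional code for internal bugs) rather than a normal verification error, which tests that distinguish rejection reasons should be prepared for.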