On 2021/9/9 12:57, Andrii Nakryiko wrote:
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index 047ac4b4703b..2a3955359156 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -9912,6 +9912,8 @@ static int check_btf_line(struct bpf_verifier_env *env,
>> nr_linfo = attr->line_info_cnt;
>> if (!nr_linfo)
>> return 0;
>> + if (nr_linfo * sizeof(struct bpf_line_info) > INT_MAX)
>> + return -EINVAL;
> I might be missing something, but on 64-bit architecture this can't
> overflow (because u32 is multiplied by fixed small sizeof()). And on
> 32-bit architecture if it overflows you won't catch it... So did you
> mean to do:
>
>     if (nr_lifo > INT_MAX / sizeof(struct bpf_line_info))
>         return -EINVAL;
>
> ?

On 64-bit architecture, the value of INT_MAX may be equal to the 32-bit.
I get the same question:
https://stackoverflow.com/questions/9257065/int-max-in-32-bit-vs-64-bit-environment

And 'if (nr_lifo > INT_MAX / sizeof(struct bpf_line_info))' is correct on 32-bit architecture ;)

Thanks,
Bixuan Cui
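Review bot: the guard on the two `+` lines in the check_btf_line() hunk does not reliably bound the allocation size, because the multiplication is evaluated before the comparison: on a 64-bit build `nr_linfo` (a u32) times `sizeof(struct bpf_line_info)` is computed in a 64-bit size_t and cannot wrap, so the check works there, but on a 32-bit build the product is a 32-bit size_t and a large `nr_linfo` can wrap to a small value that passes the `> INT_MAX` test. Comparing the count against the quotient avoids the multiplication entirely and behaves the same on both word sizes, i.e. `if (nr_linfo > INT_MAX / sizeof(struct bpf_line_info)) return -EINVAL;`. A short comment above the check stating that it bounds the size passed to the later copy/allocation would also help readers see why INT_MAX is the limit.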