mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 06:41:39 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f118095dd341885dbc3f1cd6a028414da099aba
linux/kernel
History
Daniel Borkmann 9f118095dd bpf: Drop pkt_end markers on arithmetic to prevent is_pkt_ptr_branch_taken 
When a pkt pointer acquires AT_PKT_END or BEYOND_PKT_END range from
a comparison, and then, known-constant arithmetic is performed,
adjust_ptr_min_max_vals() copies the stale range via dst_reg->raw =
ptr_reg->raw without clearing the negative reg->range sentinel values.

This lets is_pkt_ptr_branch_taken() choose one branch direction and
skip going through the other. Fix this by clearing negative pkt range
values (that is, AT_PKT_END and BEYOND_PKT_END) after arithmetic on
pkt pointers. This ensures is_pkt_ptr_branch_taken() returns unknown
and both branches are properly verified.

Fixes: 6d94e741a8 ("bpf: Support for pointers beyond pkt_end.")
Reported-by: STAR Labs SG <info@starlabs.sg>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20260409155016.536608-1-daniel@iogearbox.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-09 13:11:31 -07:00
..
bpf
bpf: Drop pkt_end markers on arithmetic to prevent is_pkt_ptr_branch_taken
2026-04-09 13:11:31 -07:00
cgroup
cgroup/cpuset: Skip security check for hotplug induced v1 task migration
2026-03-31 09:14:13 -10:00
configs
Remove WARN_ALL_UNSEEDED_RANDOM kernel config option
2026-02-23 11:18:48 -08:00
debug
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
dma
dma-direct: prevent SWIOTLB path when DMA_ATTR_REQUIRE_COHERENT is set
2026-03-20 12:05:56 +01:00
entry
Merge branch 'core/entry' into sched/core
2026-01-30 15:40:05 +01:00
events
perf: Make sure to use pmu_ctx->pmu for groups
2026-03-12 11:29:16 +01:00
futex
futex: Clear stale exiting pointer in futex_lock_pi() retry path
2026-03-28 13:54:02 +01:00
gcov
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
irq
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kcsan
kcsan: test: Adjust "expect" allocation type for kmalloc_obj
2026-02-26 09:54:08 -08:00
livepatch
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
liveupdate
liveupdate: luo_file: remember retrieve() status
2026-02-24 11:13:26 -08:00
locking
Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses
2026-02-22 08:26:33 -08:00
module
module: Fix kernel panic when a symbol st_shndx is out of bounds
2026-02-23 19:37:28 +00:00
power
PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask()
2026-03-23 13:54:53 +01:00
printk
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
rcu
srcu: Use irq_work to start GP in tiny SRCU
2026-03-25 09:00:05 -07:00
sched
Merge tag 'sched_ext-for-7.0-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext
2026-03-31 14:23:12 -07:00
time
alarmtimer: Fix argument order in alarm_timer_forward()
2026-03-24 23:17:14 +01:00
trace
bpf: Prefer vmlinux symbols over module symbols for unqualified kprobes
2026-04-07 16:27:52 -07:00
unwind
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
.gitignore
kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute
2025-06-24 20:30:37 +09:00
acct.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
async.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
audit_fsnotify.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
audit_tree.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
audit_watch.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
audit.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
audit.h
audit: fix comment misindentation in audit.h
2025-10-22 19:28:06 -04:00
auditfilter.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
auditsc.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
backtracetest.c
bounds.c
x86/asm: Remove ANNOTATE_DATA_SPECIAL usage
2025-12-03 16:53:19 +01:00
capability.c
cfi.c
cfi: Move BPF CFI types and helpers to generic code
2025-07-31 18:23:53 -07:00
compat.c
configs.c
context_tracking.c
context_tracking: Remove rcu_task_trace_heavyweight_{enter,exit}()
2026-01-01 16:39:46 +08:00
cpu_pm.c
syscore: Pass context data to callbacks
2025-11-14 10:01:52 +01:00
cpu.c
Merge tag 'spdx-7.0-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx
2026-02-17 09:46:03 -08:00
crash_core_test.c
crash: add KUnit tests for crash_exclude_mem_range
2025-09-13 17:32:55 -07:00
crash_core.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
crash_dump_dm_crypt.c
crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying
2026-03-10 16:01:48 -07:00
crash_reserve.c
crash: let architecture decide crash memory export to iomem_resource
2025-11-12 10:00:15 -08:00
cred.c
cred: remove unused set_security_override_from_ctx()
2026-01-06 20:52:57 -05:00
delayacct.c
delayacct: fix uapi timespec64 definition
2026-02-08 00:13:32 -08:00
dma.c
elfcorehdr.c
exec_domain.c
exit.c
kthread: consolidate kthread exit paths to prevent use-after-free
2026-02-26 10:45:49 +01:00
exit.h
extable.c
fail_function.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
fork.c
sched/mmcid: Avoid full tasklist walks
2026-03-11 12:01:07 +01:00
freezer.c
freezer: Clarify that only cgroup1 freezer uses PM freezer
2025-10-30 20:10:27 +01:00
gen_kheaders.sh
kheaders: make it possible to override TAR
2025-08-06 10:23:36 +09:00
groups.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
hung_task.c
hung_task: add hung_task_sys_info sysctl to dump sys info on task-hung
2025-11-20 14:03:43 -08:00
iomem.c
irq_work.c
jump_label.c
kallsyms_internal.h
kallsyms: Get rid of kallsyms relative base
2026-01-22 15:58:22 -07:00
kallsyms_selftest.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kallsyms_selftest.h
kallsyms.c
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
liveupdate: kho: move to kernel/liveupdate
2025-11-27 14:24:33 -08:00
Kconfig.locks
Kconfig.preempt
sched: Further restrict the preemption modes
2026-01-08 12:43:57 +01:00
kcov.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kexec_core.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kexec_elf.c
kexec_file.c
kexec: derive purgatory entry from symbol
2026-01-31 16:16:07 -08:00
kexec_internal.h
kexec: enable CMA based contiguous allocation
2025-08-02 12:01:38 -07:00
kexec.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kheaders.c
kprobes.c
kprobes: Remove unneeded warnings from __arm_kprobe_ftrace()
2026-03-13 23:15:26 +09:00
kstack_erase.c
sysctl: remove __user qualifier from stack_erasing_sysctl buffer argument
2025-11-27 15:44:53 +01:00
ksyms_common.c
ksysfs.c
kexec: move sysfs entries to /sys/kernel/kexec
2025-11-27 14:24:42 -08:00
kthread.c
kthread: consolidate kthread exit paths to prevent use-after-free
2026-02-26 10:45:49 +01:00
latencytop.c
Makefile
kcov: Enable context analysis
2026-01-05 16:43:34 +01:00
module_signature.c
notifier.c
nscommon.c
nsfs: tighten permission checks for ns iteration ioctls
2026-02-27 22:00:08 +01:00
nsproxy.c
nsproxy: fix free_nsproxy() and simplify create_new_namespaces()
2025-11-14 13:10:38 +01:00
nstree.c
nstree: tighten permission checks for listing
2026-02-27 22:00:11 +01:00
padata.c
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
panic.c
panic: add panic_force_cpu= parameter to redirect panic to a specific CPU
2026-02-03 08:21:26 -08:00
params.c
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
pid_namespace.c
pid: rely on common reference count behavior
2025-11-11 10:01:32 +01:00
pid_sysctl.h
pid.c
Revert "pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers"
2026-02-10 11:39:30 +01:00
profile.c
ptrace.c
rseq: Introduce struct rseq_data
2025-11-04 08:30:50 +01:00
range.c
reboot.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
regset.c
relay.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
resource_kunit.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
resource.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
rseq.c
rseq: slice ext: Ensure rseq feature size differs from original rseq size
2026-02-23 11:19:19 +01:00
scftorture.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
scs.c
scs: fix a wrong parameter in __scs_magic
2025-11-12 10:00:13 -08:00
seccomp.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
signal.c
compiler-context-analysis: Remove __cond_lock() function-like helper
2026-01-05 16:43:33 +01:00
smp.c
smp: Introduce a helper function to check for pending IPIs
2025-11-19 18:06:50 +01:00
smpboot.c
sched/smp: Use the SMP version of idle_thread_set_boot_cpu()
2025-06-13 08:47:20 +02:00
smpboot.h
softirq.c
softirq: Allow to drop the softirq-BKL lock on PREEMPT_RT
2025-09-17 16:25:41 +02:00
stacktrace.c
static_call_inline.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
static_call.c
stop_machine.c
sched/core: Fix migrate_swap() vs. hotplug
2025-07-01 15:02:03 +02:00
sys_ni.c
rseq: Implement sys_rseq_slice_yield()
2026-01-22 11:11:17 +01:00
sys.c
Merge tag 'riscv-for-linus-7.0-mw1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
2026-02-12 19:17:44 -08:00
sysctl-test.c
sysctl.c
sysctl: fix uninitialized variable in proc_do_large_bitmap
2026-03-26 09:32:19 +01:00
task_work.c
task_work: Fix NMI race condition
2025-10-29 10:29:54 +01:00
taskstats.c
torture.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
tracepoint.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
tsacct.c
tsacct: skip all kernel threads
2026-01-26 19:07:13 -08:00
ucount.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
uid16.c
uid16.h
umh.c
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
up.c
user_namespace.c
Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses
2026-02-22 08:26:33 -08:00
user-return-notifier.c
user.c
ns: drop custom reference count initialization for initial namespaces
2025-11-11 10:01:32 +01:00
utsname_sysctl.c
utsname.c
Merge tag 'namespace-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-09-29 11:20:29 -07:00
vhost_task.c
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
vmcore_info.c
Merge tag 'mm-nonmm-stable-2026-02-12-10-48' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2026-02-12 12:13:01 -08:00
watch_queue.c
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
watchdog_buddy.c
watchdog: fix opencoded cpumask_next_wrap() in watchdog_next_cpu()
2025-07-31 11:28:03 -04:00
watchdog_perf.c
watchdog/hardlockup: simplify perf event probe and remove per-cpu dependency
2026-02-08 00:13:35 -08:00
watchdog.c
watchdog/softlockup: fix sample ring index wrap in need_counting_irqs()
2026-02-08 00:13:34 -08:00
workqueue_internal.h
workqueue: Show in-flight work item duration in stall diagnostics
2026-03-05 07:27:48 -10:00
workqueue.c
workqueue: Better describe stall check
2026-03-25 05:51:02 -10:00