Skip to content

bpf: Fix off-by-one boundary validation in arena direct-value access#11956

Closed
kernel-patches-daemon-bpf[bot] wants to merge 1 commit intobpf_basefrom
series/1085694=>bpf
Closed

bpf: Fix off-by-one boundary validation in arena direct-value access#11956
kernel-patches-daemon-bpf[bot] wants to merge 1 commit intobpf_basefrom
series/1085694=>bpf

Conversation

@kernel-patches-daemon-bpf
Copy link
Copy Markdown

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf Bot commented Apr 26, 2026

Pull request for series with
subject: bpf: Fix off-by-one boundary validation in arena direct-value access
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented Apr 26, 2026

Upstream branch: b5c111f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented Apr 26, 2026

Upstream branch: b5c111f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented Apr 30, 2026

Upstream branch: b5c111f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented May 2, 2026

Upstream branch: b5c111f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented May 2, 2026

Upstream branch: 0c7ae13
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented May 8, 2026

Upstream branch: f3b8c28
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@1nzag
bpf: Fix off-by-one boundary validation in arena direct-value access
72a150d 
BPF_MAP_TYPE_ARENA accepts BPF_PSEUDO_MAP_VALUE offsets at exactly
the end of the arena mapping (off == arena_size). The boundary check
in arena_map_direct_value_addr() uses `>` instead of `>=`, which
incorrectly allows a one-past-end pointer to be accepted.

Change the condition to `>=` to correctly reject offsets that fall
outside the valid arena user_vm range.

Fixes: 3174603 ("bpf: Introduce bpf_arena.")
Signed-off-by: Junyoung Jang <graypanda.inzag@gmail.com>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented May 8, 2026

Upstream branch: 18fc650
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694
version: 2

@kernel-patches-daemon-bpf
Copy link
Copy Markdown
Author

kernel-patches-daemon-bpf Bot commented May 9, 2026

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=1085694 irrelevant now. Closing PR.

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf Bot deleted the series/1085694=>bpf branch May 9, 2026 23:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

accepted bpf V2-ci-pass V2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@1nzag