From b51ffb61eefd828e5effa3e65d9ab8ff0db51dc1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 19 May 2025 12:53:39 +0000 Subject: [PATCH] Revert "bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs" This reverts commit 3a467d938da2830009f2bea21b497377694a32a0 which is commit ac6542ad92759cda383ad62b4e4cbfc28136abc1 upstream. It breaks the Android kernel abi and can be brought back in the future in an abi-safe way if it is really needed. Bug: 161946584 Change-Id: If0aab3edf65fd03fb40a38f49a82f1775dfb9d1d Signed-off-by: Greg Kroah-Hartman --- kernel/bpf/verifier.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index dc6e569e7d25..27e4e7dedbad 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -19940,7 +19940,6 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, } if (tgt_prog) { struct bpf_prog_aux *aux = tgt_prog->aux; - bool tgt_changes_pkt_data; if (bpf_prog_is_dev_bound(prog->aux) && !bpf_prog_dev_bound_match(prog, tgt_prog)) { @@ -19969,10 +19968,8 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, "Extension programs should be JITed\n"); return -EINVAL; } - tgt_changes_pkt_data = aux->func - ? aux->func[subprog]->aux->changes_pkt_data - : aux->changes_pkt_data; - if (prog->aux->changes_pkt_data && !tgt_changes_pkt_data) { + if (prog->aux->changes_pkt_data && + !aux->func[subprog]->aux->changes_pkt_data) { bpf_log(log, "Extension program changes packet data, while original does not\n"); return -EINVAL;