On Fri, 2025-08-01 at 11:47 +0200, Paul Chaignon wrote:
> flow_dissector_is_valid_access doesn't check that the context access is
> aligned. As a consequence, an unaligned access within one of the exposed
> fields is considered valid and later rejected by
> flow_dissector_convert_ctx_access when we try to convert it.
>
> The later rejection is problematic because it's reported as a verifier
> bug with a kernel warning and doesn't point to the right instruction in
> verifier logs.
>
> Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
> Reported-by: syzbot+ccac90e482b2a81d74aa@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=ccac90e482b2a81d74aa
> Signed-off-by: Paul Chaignon <paul.chaignon@xxxxxxxxx>
> ---

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>

[...]
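
The two-stage mismatch the quoted commit message describes, as an added user-space model that is not part of the original thread and is not kernel code. The `model_ctx` layout, the field table, the full-width-load rule and all function names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed context layout for this model; not the kernel's struct. */
struct model_ctx { uint32_t data; uint32_t data_end; uint64_t flow_keys; };

struct field { int start; int width; };
static const struct field fields[] = {
    { offsetof(struct model_ctx, data),      4 },
    { offsetof(struct model_ctx, data_end),  4 },
    { offsetof(struct model_ctx, flow_keys), 8 },
};
#define NFIELDS ((int)(sizeof(fields) / sizeof(fields[0])))

enum outcome { REJECTED_EARLY, CONVERTED, LATE_FAILURE };

/* Stage 1 (validity): accept a full-width load that starts anywhere inside
 * an exposed field. check_align=false models the missing alignment check;
 * check_align=true models rejecting unaligned offsets up front. */
static bool is_valid_access(int off, int size, bool check_align)
{
    if (check_align && (size <= 0 || off % size != 0))
        return false;
    for (int i = 0; i < NFIELDS; i++)
        if (off >= fields[i].start && off < fields[i].start + fields[i].width)
            return size == fields[i].width;
    return false;
}

/* Stage 2 (conversion): only knows how to rewrite exact field offsets. */
static bool convert_ctx_access(int off)
{
    for (int i = 0; i < NFIELDS; i++)
        if (off == fields[i].start)
            return true;
    return false;
}

/* LATE_FAILURE is the case the commit message calls problematic: stage 1
 * said yes, stage 2 cannot honor it, and the error surfaces far from the
 * instruction that caused it. */
static enum outcome classify(int off, int size, bool check_align)
{
    if (!is_valid_access(off, size, check_align))
        return REJECTED_EARLY;
    return convert_ctx_access(off) ? CONVERTED : LATE_FAILURE;
}
```

In this model, with the alignment check enabled, every access that passes stage 1 starts at a field offset, so stage 2 never sees an input it cannot convert.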