Merge branch 'bpf-fix-null-deref-when-storing-scalar-into-kptr-slot'

	int perm_flags;

	const char *reg_name = "";

	if (base_type(reg->type) != PTR_TO_BTF_ID)

		goto bad_type;

	if (btf_is_kernel(reg->btf)) {

		perm_flags = PTR_MAYBE_NULL | PTR_TRUSTED | MEM_RCU;

			perm_flags |= MEM_PERCPU;

	}

	if (base_type(reg->type) != PTR_TO_BTF_ID || (type_flag(reg->type) & ~perm_flags))

	if (type_flag(reg->type) & ~perm_flags)

		goto bad_type;

	/* We need to verify reg->type and reg->btf, before accessing reg->btf */

	return 0;

}

SEC("?tc")

__failure __msg("invalid kptr access, R")

int reject_scalar_store_to_kptr(struct __sk_buff *ctx)

{

	struct map_value *v;

	int key = 0;

	v = bpf_map_lookup_elem(&array_map, &key);

	if (!v)

		return 0;

	*(volatile u64 *)&v->unref_ptr = 0xBADC0DE;

	return 0;

}

char _license[] SEC("license") = "GPL";