[PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index
@ 2025-04-18  7:49 Shung-Hsi Yu
  2025-04-18 14:27 ` Kumar Kartikeya Dwivedi
  2025-04-23 17:30 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Shung-Hsi Yu @ 2025-04-18  7:49 UTC (permalink / raw)
  To: bpf
  Cc: Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann,
	Andrii Nakryiko, Eduard Zingerman, Song Liu, Yonghong Song,
	John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
	Shung-Hsi Yu, Kumar Kartikeya Dwivedi, Dan Carpenter

The calculation of the index used to access the mask field in 'struct
bpf_raw_tp_null_args' is done with 'int' type, which could overflow when
the tracepoint being attached has more than 8 arguments.

While none of the tracepoints mentioned in raw_tp_null_args[] currently
have more than 8 arguments, there do exist tracepoints that had more
than 8 arguments (e.g. iocost_iocg_forgive_debt), so use the correct
type for calculation and avoid Smatch static checker warning.

Cc: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/843a3b94-d53d-42db-93d4-be10a4090146@stanley.mountain/
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
---
 kernel/bpf/btf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 16ba36f34dfa..656ee11aff67 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6829,10 +6829,10 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
 			/* Is this a func with potential NULL args? */
 			if (strcmp(tname, raw_tp_null_args[i].func))
 				continue;
-			if (raw_tp_null_args[i].mask & (0x1 << (arg * 4)))
+			if (raw_tp_null_args[i].mask & (0x1ULL << (arg * 4)))
 				info->reg_type |= PTR_MAYBE_NULL;
 			/* Is the current arg IS_ERR? */
-			if (raw_tp_null_args[i].mask & (0x2 << (arg * 4)))
+			if (raw_tp_null_args[i].mask & (0x2ULL << (arg * 4)))
 				ptr_err_raw_tp = true;
 			break;
 		}
-- 
2.49.0


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index
  2025-04-18  7:49 [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index Shung-Hsi Yu
@ 2025-04-18 14:27 ` Kumar Kartikeya Dwivedi
  2025-04-23 17:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Kumar Kartikeya Dwivedi @ 2025-04-18 14:27 UTC (permalink / raw)
  To: Shung-Hsi Yu
  Cc: bpf, Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann,
	Andrii Nakryiko, Eduard Zingerman, Song Liu, Yonghong Song,
	John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa,
	Dan Carpenter

On Fri, 18 Apr 2025 at 09:49, Shung-Hsi Yu <shung-hsi.yu@suse.com> wrote:
>
> The calculation of the index used to access the mask field in 'struct
> bpf_raw_tp_null_args' is done with 'int' type, which could overflow when
> the tracepoint being attached has more than 8 arguments.
>
> While none of the tracepoints mentioned in raw_tp_null_args[] currently
> have more than 8 arguments, there do exist tracepoints that had more
> than 8 arguments (e.g. iocost_iocg_forgive_debt), so use the correct
> type for calculation and avoid Smatch static checker warning.
>
> Cc: Kumar Kartikeya Dwivedi <memxor@gmail.com>
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Closes: https://lore.kernel.org/r/843a3b94-d53d-42db-93d4-be10a4090146@stanley.mountain/
> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
> ---

Not sure how I missed this, but thanks for fixing.
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>

>  kernel/bpf/btf.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 16ba36f34dfa..656ee11aff67 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -6829,10 +6829,10 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
>                         /* Is this a func with potential NULL args? */
>                         if (strcmp(tname, raw_tp_null_args[i].func))
>                                 continue;
> -                       if (raw_tp_null_args[i].mask & (0x1 << (arg * 4)))
> +                       if (raw_tp_null_args[i].mask & (0x1ULL << (arg * 4)))
>                                 info->reg_type |= PTR_MAYBE_NULL;
>                         /* Is the current arg IS_ERR? */
> -                       if (raw_tp_null_args[i].mask & (0x2 << (arg * 4)))
> +                       if (raw_tp_null_args[i].mask & (0x2ULL << (arg * 4)))
>                                 ptr_err_raw_tp = true;
>                         break;
>                 }
> --
> 2.49.0
>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index
  2025-04-18  7:49 [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index Shung-Hsi Yu
  2025-04-18 14:27 ` Kumar Kartikeya Dwivedi
@ 2025-04-23 17:30 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-04-23 17:30 UTC (permalink / raw)
  To: Shung-Hsi Yu
  Cc: bpf, martin.lau, ast, daniel, andrii, eddyz87, song,
	yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa,
	memxor, dan.carpenter

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Fri, 18 Apr 2025 15:49:43 +0800 you wrote:
> The calculation of the index used to access the mask field in 'struct
> bpf_raw_tp_null_args' is done with 'int' type, which could overflow when
> the tracepoint being attached has more than 8 arguments.
> 
> While none of the tracepoints mentioned in raw_tp_null_args[] currently
> have more than 8 arguments, there do exist tracepoints that had more
> than 8 arguments (e.g. iocost_iocg_forgive_debt), so use the correct
> type for calculation and avoid Smatch static checker warning.
> 
> [...]

Here is the summary with links:
  - [bpf-next,1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index
    https://git.kernel.org/bpf/bpf-next/c/53ebef53a657

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-04-23 17:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-18  7:49 [PATCH bpf-next 1/1] bpf: use proper type to calculate bpf_raw_tp_null_args.mask index Shung-Hsi Yu
2025-04-18 14:27 ` Kumar Kartikeya Dwivedi
2025-04-23 17:30 ` patchwork-bot+netdevbpf

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.