All of lore.kernel.org
 help / color / mirror / Atom feed
* [bug report] MIPS: net: Add BPF JIT
@ 2016-07-13 14:07 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2016-07-13 14:07 UTC (permalink / raw)
  To: markos.chandras, Matt Evans; +Cc: linux-mips, linuxppc-dev

Hello Markos Chandras,

The patch c6610de353da: "MIPS: net: Add BPF JIT" from Apr 8, 2014,
leads to the following static checker warning:

	arch/mips/net/bpf_jit.c:1185 build_body()
	warn: potential off by one 'ctx->offsets[]' limit 'prog->len'

arch/mips/net/bpf_jit.c
   652  static int build_body(struct jit_ctx *ctx)
   653  {
   654          const struct bpf_prog *prog = ctx->skf;
   655          const struct sock_filter *inst;
   656          unsigned int i, off, condt;
   657          u32 k, b_off __maybe_unused;
   658          u8 (*sk_load_func)(unsigned long *skb, int offset);
   659  
   660          for (i = 0; i < prog->len; i++) {
   661                  u16 code;
   662  
   663                  inst = &(prog->insns[i]);
   664                  pr_debug("%s: code->0x%02x, jt->0x%x, jf->0x%x, k->0x%x\n",
   665                           __func__, inst->code, inst->jt, inst->jf, inst->k);
   666                  k = inst->k;
   667                  code = bpf_anc_helper(inst);
   668  
   669                  if (ctx->target == NULL)
   670                          ctx->offsets[i] = ctx->idx * 4;

We have this so we don't need the other assignment.

   671  
   672                  switch (code) {

[ snipped big switch statement ]

  1176                  default:
  1177                          pr_debug("%s: Unhandled opcode: 0x%02x\n", __FILE__,
  1178                                   inst->code);
  1179                          return -1;
  1180                  }
  1181          }
  1182  
  1183          /* compute offsets only during the first pass */
  1184          if (ctx->target == NULL)
  1185                  ctx->offsets[i] = ctx->idx * 4;

i is always one step beyond the end of the array here.

  1186  
  1187          return 0;
  1188  }

That arm and powerpc implementations have the same issue.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2016-07-13 14:07 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-07-13 14:07 [bug report] MIPS: net: Add BPF JIT Dan Carpenter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.