From: sashiko-bot@kernel.org
To: "Kumar Kartikeya Dwivedi" <memxor@gmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v1 01/17] bpf: Add verifier diagnostics report helpers
Date: Fri, 05 Jun 2026 06:42:38 +0000 [thread overview]
Message-ID: <20260605064238.AA12F1F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260605063412.974640-2-memxor@gmail.com>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] High stack consumption in verifier diagnostic helper functions.
- [Low] Premature line wrapping when a word exactly fits the column width.
--
commit aa805d573ef7f7f7b9f1f0f42ddae783a0fb2690
Author: Kumar Kartikeya Dwivedi <memxor@gmail.com>
bpf: Add verifier diagnostics report helpers
Add a small diagnostics renderer for verifier reports and wire it into the
BPF build. The initial helpers emit the common text structure: a failure
header plus reusable report sections.
> diff --git a/kernel/bpf/diagnostics.c b/kernel/bpf/diagnostics.c
> new file mode 100644
> index 0000000000000..a6684adc0c313
> --- /dev/null
> +++ b/kernel/bpf/diagnostics.c
[ ... ]
> +static void bpf_diag_print_wrapped_prefixed(struct bpf_verifier_env *env,
> + const char *first_prefix,
> + const char *next_prefix,
> + const char *text)
> +{
[ ... ]
> + while (line[len] && line[len] != '\n' && len < text_width) {
> + if (line[len] == ' ')
> + last_space = len;
> + len++;
> + }
> +
> + if (line[len] && line[len] != '\n' && last_space > 0)
> + len = last_space;
[Severity: Low]
Does this cause premature line wrapping when a word exactly fits the column
width?
If line[len] is a space where len equals text_width, the condition
line[len] != '\n' evaluates to true, forcing len to revert to last_space.
This prevents the full word from utilizing the available line width.
[ ... ]
> +static void bpf_diag_vprint_indented(struct bpf_verifier_env *env,
> + const char *fmt, va_list args)
> +{
> + char buf[1024];
[Severity: High]
Does this risk a kernel stack overflow?
A 1024-byte local buffer is allocated on the stack here. Coupled with the
512-byte problem_buf in bpf_diag_report_header(), and large allocations in
other diagnostic functions like bpf_diag_report_source() (over 1.3KB) and
bpf_diag_print_source_annotation() (768 bytes), the total stack consumption
in a single call chain can exceed 2KB.
Could these large stack buffers lead to stack overflow panics in the
deeply-nested BPF verifier?
> +
> + if (!bpf_verifier_log_needed(&env->log))
> + return;
> +
> + vscnprintf(buf, sizeof(buf), fmt, args);
> + bpf_diag_print_wrapped_text(env, buf);
> +}
> +
> +void bpf_diag_report_header(struct bpf_verifier_env *env,
> + const char *category, const char *problem)
> +{
> + char problem_buf[BPF_DIAG_MSG_LEN];
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260605063412.974640-1-memxor@gmail.com?part=1
next prev parent reply other threads:[~2026-06-05 6:42 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-05 6:33 [PATCH bpf-next v1 00/17] Redesign Verification Errors Kumar Kartikeya Dwivedi
2026-06-05 6:33 ` [PATCH bpf-next v1 01/17] bpf: Add verifier diagnostics report helpers Kumar Kartikeya Dwivedi
2026-06-05 6:42 ` sashiko-bot [this message]
2026-06-05 7:40 ` bot+bpf-ci
2026-06-05 18:58 ` Eduard Zingerman
2026-06-05 6:33 ` [PATCH bpf-next v1 02/17] bpf: Define verifier diagnostic categories Kumar Kartikeya Dwivedi
2026-06-05 19:10 ` Eduard Zingerman
2026-06-05 6:33 ` [PATCH bpf-next v1 03/17] bpf: Add source and instruction diagnostic context Kumar Kartikeya Dwivedi
2026-06-05 8:48 ` sashiko-bot
2026-06-05 20:22 ` Eduard Zingerman
2026-06-05 20:55 ` Kumar Kartikeya Dwivedi
2026-06-05 21:07 ` Eduard Zingerman
2026-06-05 6:33 ` [PATCH bpf-next v1 04/17] bpf: Track verifier branch diagnostic history Kumar Kartikeya Dwivedi
2026-06-05 6:50 ` sashiko-bot
2026-06-05 7:57 ` bot+bpf-ci
2026-06-05 21:41 ` Eduard Zingerman
2026-06-05 21:37 ` Eduard Zingerman
2026-06-05 6:33 ` [PATCH bpf-next v1 05/17] bpf: Track verifier register " Kumar Kartikeya Dwivedi
2026-06-05 6:53 ` sashiko-bot
2026-06-05 7:40 ` bot+bpf-ci
2026-06-05 22:31 ` Eduard Zingerman
2026-06-05 6:33 ` [PATCH bpf-next v1 06/17] bpf: Track verifier reference " Kumar Kartikeya Dwivedi
2026-06-05 6:33 ` [PATCH bpf-next v1 07/17] bpf: Track verifier context " Kumar Kartikeya Dwivedi
2026-06-05 6:46 ` sashiko-bot
2026-06-05 7:22 ` bot+bpf-ci
2026-06-05 6:33 ` [PATCH bpf-next v1 08/17] bpf: Report Register Type Safety errors Kumar Kartikeya Dwivedi
2026-06-05 6:57 ` sashiko-bot
2026-06-05 7:23 ` bot+bpf-ci
2026-06-05 6:33 ` [PATCH bpf-next v1 09/17] bpf: Report Memory Safety bounds errors Kumar Kartikeya Dwivedi
2026-06-05 6:45 ` sashiko-bot
2026-06-05 7:57 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 10/17] bpf: Report Resource Lifetime reference leaks Kumar Kartikeya Dwivedi
2026-06-05 6:45 ` sashiko-bot
2026-06-05 7:22 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 11/17] bpf: Report Call Type Safety argument errors Kumar Kartikeya Dwivedi
2026-06-05 6:47 ` sashiko-bot
2026-06-05 7:23 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 12/17] bpf: Report Execution Context Safety errors Kumar Kartikeya Dwivedi
2026-06-05 6:46 ` sashiko-bot
2026-06-05 7:23 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 13/17] bpf: Report Program Structure CFG errors Kumar Kartikeya Dwivedi
2026-06-05 6:51 ` sashiko-bot
2026-06-05 7:22 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 14/17] bpf: Report Policy helper and kfunc errors Kumar Kartikeya Dwivedi
2026-06-05 7:02 ` sashiko-bot
2026-06-05 6:34 ` [PATCH bpf-next v1 15/17] bpf: Report Verifier Limit errors Kumar Kartikeya Dwivedi
2026-06-05 6:53 ` sashiko-bot
2026-06-05 7:40 ` bot+bpf-ci
2026-06-05 6:34 ` [PATCH bpf-next v1 16/17] bpf: Report Verifier Internal errors Kumar Kartikeya Dwivedi
2026-06-05 6:34 ` [PATCH bpf-next v1 17/17] bpf: Gate verifier diagnostics on log level Kumar Kartikeya Dwivedi
2026-06-05 6:58 ` sashiko-bot
2026-06-05 7:40 ` bot+bpf-ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260605064238.AA12F1F00893@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=memxor@gmail.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.