From: Yonghong Song <yonghong.song@linux.dev>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Paul Chaignon <paul.chaignon@gmail.com>,
bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Eduard Zingerman <eddyz87@gmail.com>,
Martin KaFai Lau <martin.lau@linux.dev>,
netfilter-devel <netfilter-devel@vger.kernel.org>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Petar Penkov <ppenkov@google.com>,
Florian Westphal <fw@strlen.de>
Subject: Re: [PATCH bpf 3/4] bpf: Improve ctx access verifier error message
Date: Fri, 1 Aug 2025 17:00:53 -0700 [thread overview]
Message-ID: <7804bd72-90f5-4bab-a0b9-a0aa282f2610@linux.dev> (raw)
In-Reply-To: <CAADnVQL-YTbqG1xrdbFBEqsoJWcCKGFnx0sCNSkKJKb9shnXEA@mail.gmail.com>
On 8/1/25 2:47 PM, Alexei Starovoitov wrote:
> On Fri, Aug 1, 2025 at 9:31 AM Yonghong Song <yonghong.song@linux.dev> wrote:
>>
>>
>> On 8/1/25 2:49 AM, Paul Chaignon wrote:
>>> We've already had two "error during ctx access conversion" warnings
>>> triggered by syzkaller. Let's improve the error message by dumping the
>>> cnt variable so that we can more easily differentiate between the
>>> different error cases.
>>>
>>> Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
>>> ---
>>> kernel/bpf/verifier.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>>> index 399f03e62508..0806295945e4 100644
>>> --- a/kernel/bpf/verifier.c
>>> +++ b/kernel/bpf/verifier.c
>>> @@ -21445,7 +21445,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
>>> &target_size);
>>> if (cnt == 0 || cnt >= INSN_BUF_SIZE ||
>>> (ctx_field_size && !target_size)) {
>>> - verifier_bug(env, "error during ctx access conversion");
>>> + verifier_bug(env, "error during ctx access conversion (%d)", cnt);
>> For the above, users still will not know what '(%d)' mean. So if we want to
> Right, but such verifier_bug reports are mainly for developers,
> and we will know what it's about especially after redundant (1) is fixed.
>
>> provide better verification measure, we should do
>> if (cnt == 0 || cnt >= INSN_BUF_SIZE) {
>> verifier_bug(env, "error during ctx access conversion (insn cnt %d)", cnt);
>> return -EFAULT;
>> } else if (ctx_field_size && !target_size) {
>> verifier_bug(env, "error during ctx access conversion (ctx_field_size %d, target_size 0)", ctx_field_size);
>> return -EFAULT;
>> }
> It's nicer, but overkill. As Paul explained if cnt > 0 && < INSN_BUF_SIZE
> it must be ctx_field_size/tager_size issue that
> needs debugging anyway with a proper reproducer.
> So making this particular debug output prettier won't help
> analysis much.
Sure. I am ok with this. Thanks!
[...]
next prev parent reply other threads:[~2025-08-02 0:01 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-01 9:47 [PATCH bpf 1/4] bpf: Check flow_dissector ctx accesses are aligned Paul Chaignon
2025-08-01 9:48 ` [PATCH bpf 2/4] bpf: Check netfilter " Paul Chaignon
2025-08-01 15:54 ` Yonghong Song
2025-08-01 16:06 ` Eduard Zingerman
2025-08-01 9:49 ` [PATCH bpf 3/4] bpf: Improve ctx access verifier error message Paul Chaignon
2025-08-01 16:09 ` Eduard Zingerman
2025-08-01 16:19 ` Paul Chaignon
2025-08-01 16:24 ` Eduard Zingerman
2025-08-01 16:30 ` Yonghong Song
2025-08-01 21:47 ` Alexei Starovoitov
2025-08-02 0:00 ` Yonghong Song [this message]
2025-08-01 9:49 ` [PATCH bpf 4/4] selftests/bpf: Test for unaligned flow_dissector ctx access Paul Chaignon
2025-08-01 16:17 ` Eduard Zingerman
2025-08-01 16:33 ` Yonghong Song
2025-08-01 15:52 ` [PATCH bpf 1/4] bpf: Check flow_dissector ctx accesses are aligned Yonghong Song
2025-08-01 16:04 ` Eduard Zingerman
2025-08-01 16:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7804bd72-90f5-4bab-a0b9-a0aa282f2610@linux.dev \
--to=yonghong.song@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=martin.lau@linux.dev \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=paul.chaignon@gmail.com \
--cc=ppenkov@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.