From: Anton Protopopov <a.s.protopopov@gmail.com>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: bpf@vger.kernel.org
Subject: Re: [bug report] bpf, x86: add support for indirect jumps
Date: Wed, 19 Nov 2025 11:20:14 +0000 [thread overview]
Message-ID: <aR2n7mrFwjucPsYm@mail.gmail.com> (raw)
In-Reply-To: <aR2BN1Ix--8tmVrN@stanley.mountain>
On 25/11/19 11:35AM, Dan Carpenter wrote:
> Hello Anton Protopopov,
>
> Commit 493d9e0d6083 ("bpf, x86: add support for indirect jumps") from
> Nov 5, 2025 (linux-next), leads to the following Smatch static
> checker warning:
>
> kernel/bpf/verifier.c:17907 copy_insn_array()
> error: 'value' dereferencing possible ERR_PTR()
>
> kernel/bpf/verifier.c
> 17898 static int copy_insn_array(struct bpf_map *map, u32 start, u32 end, u32 *items)
> 17899 {
> 17900 struct bpf_insn_array_value *value;
> 17901 u32 i;
> 17902
> 17903 for (i = start; i <= end; i++) {
> 17904 value = map->ops->map_lookup_elem(map, &i);
> 17905 if (!value)
> 17906 return -EINVAL;
> --> 17907 items[i - start] = value->xlated_off;
>
> ->map_lookup_elem() returns error pointers on error and it returns NULL
> (I guess if there isn't an error but the element is not found).
I didn't check the value here, because in this case map_lookup_elem()
always returns a correct value or NULL (= index is outside of boundaries).
From BPF point of view, map_lookup_elem must return valid pointer, or
null (see the bpf_map_lookup_elem_proto in kernel/bpf/helpers.c). But
some lookup functions might be called from kernel (as in this case)
or from userspace via the syscall. So I'll send a fix to add a check
here and make the static checker happy.
> 17908 }
> 17909 return 0;
> 17910 }
>
> regards,
> dan carpenter
next prev parent reply other threads:[~2025-11-19 11:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-19 8:35 [bug report] bpf, x86: add support for indirect jumps Dan Carpenter
2025-11-19 11:20 ` Anton Protopopov [this message]
2025-11-19 12:48 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aR2n7mrFwjucPsYm@mail.gmail.com \
--to=a.s.protopopov@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=dan.carpenter@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.