[PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs

BPF List
 help / color / mirror / Atom feed

* [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs
@ 2022-09-07 15:24 Jules Irenge
  2022-09-07 15:57 ` Kumar Kartikeya Dwivedi
  2022-09-07 18:20 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 4+ messages in thread
From: Jules Irenge @ 2022-09-07 15:24 UTC (permalink / raw)
  To: ast
  Cc: daniel, john.fastabend, martin.lau, song, yhs, kpsingh, sdf,
	haoluo, jolsa, bpf, memxor, Elana.Copperman

Sparse reported a warning at bpf_map_free_kptrs()

"warning: Using plain integer as NULL pointer"

During the process of fixing this warning,
it was discovered that the current code
erroneously writes to the pointer variable
instead of deferencing and writing to the actual kptr.
Hence, Sparse tool accidentally helped to uncover this problem.

Fix this by doing WRITE_ONCE(*p, 0) instead of WRITE_ONCE(p, 0).

Note that the effect of this bug is that
unreferenced kptrs will not be cleared during check_and_free_fields.
It is not a problem if the clearing is not done during map_free stage,
as there is nothing to free for them.

Signed-off-by: Jules Irenge <jbi.octave@gmail.com>
---
Changes in v2:
 - Make commit message clearer
 - Change commit headline
   from Fixes: 14a324f6a67e ("bpf: Wire up freeing of referenced kptr")
   to bpf: Fix resetting logic for unreferenced kptrs

 kernel/bpf/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 27760627370d..f798acd43a28 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -598,7 +598,7 @@ void bpf_map_free_kptrs(struct bpf_map *map, void *map_value)
 		if (off_desc->type == BPF_KPTR_UNREF) {
 			u64 *p = (u64 *)btf_id_ptr;
 
-			WRITE_ONCE(p, 0);
+			WRITE_ONCE(*p, 0);
 			continue;
 		}
 		old_ptr = xchg(btf_id_ptr, 0);
-- 
2.35.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs
  2022-09-07 15:24 [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs Jules Irenge
@ 2022-09-07 15:57 ` Kumar Kartikeya Dwivedi
  2022-09-07 18:15   ` Alexei Starovoitov
  2022-09-07 18:20 ` patchwork-bot+netdevbpf
  1 sibling, 1 reply; 4+ messages in thread
From: Kumar Kartikeya Dwivedi @ 2022-09-07 15:57 UTC (permalink / raw)
  To: Jules Irenge
  Cc: ast, daniel, john.fastabend, martin.lau, song, yhs, kpsingh, sdf,
	haoluo, jolsa, bpf, Elana.Copperman

On Wed, 7 Sept 2022 at 17:24, Jules Irenge <jbi.octave@gmail.com> wrote:
>
> Sparse reported a warning at bpf_map_free_kptrs()
>
> "warning: Using plain integer as NULL pointer"
>
> During the process of fixing this warning,
> it was discovered that the current code
> erroneously writes to the pointer variable
> instead of deferencing and writing to the actual kptr.
> Hence, Sparse tool accidentally helped to uncover this problem.
>
> Fix this by doing WRITE_ONCE(*p, 0) instead of WRITE_ONCE(p, 0).
>
> Note that the effect of this bug is that
> unreferenced kptrs will not be cleared during check_and_free_fields.
> It is not a problem if the clearing is not done during map_free stage,
> as there is nothing to free for them.
>

You're still missing the fixes tag right before your Signed-off-By.

Instead of

Signed-off-by: Jules Irenge <jbi.octave@gmail.com>

It must be

Fixes: 14a324f6a67e ("bpf: Wire up freeing of referenced kptr")
Signed-off-by: Jules Irenge <jbi.octave@gmail.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs
  2022-09-07 15:57 ` Kumar Kartikeya Dwivedi
@ 2022-09-07 18:15   ` Alexei Starovoitov
  0 siblings, 0 replies; 4+ messages in thread
From: Alexei Starovoitov @ 2022-09-07 18:15 UTC (permalink / raw)
  To: Kumar Kartikeya Dwivedi
  Cc: Jules Irenge, Alexei Starovoitov, Daniel Borkmann, John Fastabend,
	Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh,
	Stanislav Fomichev, Hao Luo, Jiri Olsa, bpf, Elana.Copperman

On Wed, Sep 7, 2022 at 8:58 AM Kumar Kartikeya Dwivedi <memxor@gmail.com> wrote:
>
> On Wed, 7 Sept 2022 at 17:24, Jules Irenge <jbi.octave@gmail.com> wrote:
> >
> > Sparse reported a warning at bpf_map_free_kptrs()
> >
> > "warning: Using plain integer as NULL pointer"
> >
> > During the process of fixing this warning,
> > it was discovered that the current code
> > erroneously writes to the pointer variable
> > instead of deferencing and writing to the actual kptr.
> > Hence, Sparse tool accidentally helped to uncover this problem.
> >
> > Fix this by doing WRITE_ONCE(*p, 0) instead of WRITE_ONCE(p, 0).
> >
> > Note that the effect of this bug is that
> > unreferenced kptrs will not be cleared during check_and_free_fields.
> > It is not a problem if the clearing is not done during map_free stage,
> > as there is nothing to free for them.
> >
>
> You're still missing the fixes tag right before your Signed-off-By.
>
> Instead of
>
> Signed-off-by: Jules Irenge <jbi.octave@gmail.com>
>
> It must be
>
> Fixes: 14a324f6a67e ("bpf: Wire up freeing of referenced kptr")
> Signed-off-by: Jules Irenge <jbi.octave@gmail.com>

Added while applying.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs
  2022-09-07 15:24 [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs Jules Irenge
  2022-09-07 15:57 ` Kumar Kartikeya Dwivedi
@ 2022-09-07 18:20 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-09-07 18:20 UTC (permalink / raw)
  To: Jules Irenge
  Cc: ast, daniel, john.fastabend, martin.lau, song, yhs, kpsingh, sdf,
	haoluo, jolsa, bpf, memxor, Elana.Copperman

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Wed, 7 Sep 2022 16:24:20 +0100 you wrote:
> Sparse reported a warning at bpf_map_free_kptrs()
> 
> "warning: Using plain integer as NULL pointer"
> 
> During the process of fixing this warning,
> it was discovered that the current code
> erroneously writes to the pointer variable
> instead of deferencing and writing to the actual kptr.
> Hence, Sparse tool accidentally helped to uncover this problem.
> 
> [...]

Here is the summary with links:
  - [bpf-next,v2] bpf: Fix resetting logic for unreferenced kptrs
    https://git.kernel.org/bpf/bpf-next/c/9fad7fe5b298

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-09-07 18:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-09-07 15:24 [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs Jules Irenge
2022-09-07 15:57 ` Kumar Kartikeya Dwivedi
2022-09-07 18:15   ` Alexei Starovoitov
2022-09-07 18:20 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox