* [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
@ 2023-11-02 17:26 Andrii Nakryiko
2023-11-02 17:55 ` Toke Høiland-Jørgensen
0 siblings, 1 reply; 5+ messages in thread
From: Andrii Nakryiko @ 2023-11-02 17:26 UTC (permalink / raw)
To: bpf, ast, daniel, martin.lau; +Cc: andrii, kernel-team
Let's fix it for real this time. It shouldn't just detect ERR_PTR()
return from bpf_xdp_pointer(), but also turn that into NULL to follow
bpf_dynptr_slice() contract.
Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
kernel/bpf/helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 56b0c1f678ee..04049097176c 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
{
void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
if (!IS_ERR_OR_NULL(xdp_ptr))
- return xdp_ptr;
+ return NULL;
if (!buffer__opt)
return NULL;
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
2023-11-02 17:26 [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro Andrii Nakryiko
@ 2023-11-02 17:55 ` Toke Høiland-Jørgensen
2023-11-02 18:00 ` Andrii Nakryiko
0 siblings, 1 reply; 5+ messages in thread
From: Toke Høiland-Jørgensen @ 2023-11-02 17:55 UTC (permalink / raw)
To: Andrii Nakryiko, bpf, ast, daniel, martin.lau; +Cc: andrii, kernel-team
Andrii Nakryiko <andrii@kernel.org> writes:
> Let's fix it for real this time. It shouldn't just detect ERR_PTR()
> return from bpf_xdp_pointer(), but also turn that into NULL to follow
> bpf_dynptr_slice() contract.
>
> Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
> Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> ---
> kernel/bpf/helpers.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 56b0c1f678ee..04049097176c 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
> {
> void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
> if (!IS_ERR_OR_NULL(xdp_ptr))
> - return xdp_ptr;
> + return NULL;
Erm, the check in the if is inverted - so isn't this 'return xdp_ptr'
covering the case where bpf_xdp_pointer() *does* in fact return a valid
pointer?
-Toke
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
2023-11-02 17:55 ` Toke Høiland-Jørgensen
@ 2023-11-02 18:00 ` Andrii Nakryiko
2023-11-02 18:07 ` Toke Høiland-Jørgensen
0 siblings, 1 reply; 5+ messages in thread
From: Andrii Nakryiko @ 2023-11-02 18:00 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Andrii Nakryiko, bpf, ast, daniel, martin.lau, kernel-team
On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote:
>
> Andrii Nakryiko <andrii@kernel.org> writes:
>
> > Let's fix it for real this time. It shouldn't just detect ERR_PTR()
> > return from bpf_xdp_pointer(), but also turn that into NULL to follow
> > bpf_dynptr_slice() contract.
> >
> > Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
> > Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
> > Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> > ---
> > kernel/bpf/helpers.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> > index 56b0c1f678ee..04049097176c 100644
> > --- a/kernel/bpf/helpers.c
> > +++ b/kernel/bpf/helpers.c
> > @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
> > {
> > void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
> > if (!IS_ERR_OR_NULL(xdp_ptr))
> > - return xdp_ptr;
> > + return NULL;
>
> Erm, the check in the if is inverted - so isn't this 'return xdp_ptr'
> covering the case where bpf_xdp_pointer() *does* in fact return a valid
> pointer?
>
Ah, you are right, I missed the ! part... Ok, then I don't think we
have an issue, great. Thanks for double checking!
Perhaps we should add a simple comment "/* we got a valid direct
pointer, return it */", as this looks like an error-handling case.
> -Toke
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
2023-11-02 18:00 ` Andrii Nakryiko
@ 2023-11-02 18:07 ` Toke Høiland-Jørgensen
2023-11-02 18:11 ` Song Liu
0 siblings, 1 reply; 5+ messages in thread
From: Toke Høiland-Jørgensen @ 2023-11-02 18:07 UTC (permalink / raw)
To: Andrii Nakryiko
Cc: Andrii Nakryiko, bpf, ast, daniel, martin.lau, kernel-team
Andrii Nakryiko <andrii.nakryiko@gmail.com> writes:
> On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote:
>>
>> Andrii Nakryiko <andrii@kernel.org> writes:
>>
>> > Let's fix it for real this time. It shouldn't just detect ERR_PTR()
>> > return from bpf_xdp_pointer(), but also turn that into NULL to follow
>> > bpf_dynptr_slice() contract.
>> >
>> > Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
>> > Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
>> > Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
>> > ---
>> > kernel/bpf/helpers.c | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
>> > index 56b0c1f678ee..04049097176c 100644
>> > --- a/kernel/bpf/helpers.c
>> > +++ b/kernel/bpf/helpers.c
>> > @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
>> > {
>> > void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
>> > if (!IS_ERR_OR_NULL(xdp_ptr))
>> > - return xdp_ptr;
>> > + return NULL;
>>
>> Erm, the check in the if is inverted - so isn't this 'return xdp_ptr'
>> covering the case where bpf_xdp_pointer() *does* in fact return a valid
>> pointer?
>>
>
> Ah, you are right, I missed the ! part... Ok, then I don't think we
> have an issue, great. Thanks for double checking!
> Perhaps we should add a simple comment "/* we got a valid direct
> pointer, return it */", as this looks like an error-handling case.
Yup, totally agree it's confusing, I had to look at the code three or
four times as well just now, to be sure that it wasn't buggy. Adding a
comment would certainly be useful! :)
-Toke
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
2023-11-02 18:07 ` Toke Høiland-Jørgensen
@ 2023-11-02 18:11 ` Song Liu
0 siblings, 0 replies; 5+ messages in thread
From: Song Liu @ 2023-11-02 18:11 UTC (permalink / raw)
To: Toke Høiland-Jørgensen
Cc: Andrii Nakryiko, Andrii Nakryiko, bpf@vger.kernel.org,
ast@kernel.org, daniel@iogearbox.net, martin.lau@kernel.org,
Kernel Team
> On Nov 2, 2023, at 11:07 AM, Toke Høiland-Jørgensen <toke@kernel.org> wrote:
>
> Andrii Nakryiko <andrii.nakryiko@gmail.com> writes:
>
>> On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote:
>>>
>>> Andrii Nakryiko <andrii@kernel.org> writes:
>>>
>>>> Let's fix it for real this time. It shouldn't just detect ERR_PTR()
>>>> return from bpf_xdp_pointer(), but also turn that into NULL to follow
>>>> bpf_dynptr_slice() contract.
>>>>
>>>> Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
>>>> Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
>>>> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
>>>> ---
>>>> kernel/bpf/helpers.c | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
>>>> index 56b0c1f678ee..04049097176c 100644
>>>> --- a/kernel/bpf/helpers.c
>>>> +++ b/kernel/bpf/helpers.c
>>>> @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
>>>> {
>>>> void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
>>>> if (!IS_ERR_OR_NULL(xdp_ptr))
>>>> - return xdp_ptr;
>>>> + return NULL;
>>>
>>> Erm, the check in the if is inverted - so isn't this 'return xdp_ptr'
>>> covering the case where bpf_xdp_pointer() *does* in fact return a valid
>>> pointer?
>>>
>>
>> Ah, you are right, I missed the ! part... Ok, then I don't think we
>> have an issue, great. Thanks for double checking!
>> Perhaps we should add a simple comment "/* we got a valid direct
>> pointer, return it */", as this looks like an error-handling case.
>
> Yup, totally agree it's confusing, I had to look at the code three or
> four times as well just now, to be sure that it wasn't buggy. Adding a
> comment would certainly be useful! :)
Aha, I was confused by this for more than a month. I am glad this is
not an issue.
Thanks,
Song
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-11-02 18:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-02 17:26 [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro Andrii Nakryiko
2023-11-02 17:55 ` Toke Høiland-Jørgensen
2023-11-02 18:00 ` Andrii Nakryiko
2023-11-02 18:07 ` Toke Høiland-Jørgensen
2023-11-02 18:11 ` Song Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox