[PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom

public inbox for bpf@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom_syncookie.c.
@ 2024-08-19 19:42 Kuniyuki Iwashima
  2024-08-21  0:11 ` Martin KaFai Lau
  0 siblings, 1 reply; 3+ messages in thread
From: Kuniyuki Iwashima @ 2024-08-19 19:42 UTC (permalink / raw)
  To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko,
	Mykola Lysenko
  Cc: Kuniyuki Iwashima, Kuniyuki Iwashima, bpf, Dan Carpenter

Smatch reported a possible off-by-one in tcp_validate_cookie().

However, it's false positive because the possible range of mssind is
limited from 0 to 3 by the preceding calculation.

  mssind = (cookie & (3 << 6)) >> 6;

There's no real issue, but let's make Smatch happy to suppress the same
reports.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/bpf/6ae12487-d3f1-488b-9514-af0dac96608f@stanley.mountain/
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
 tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
index 44ee0d037f95..36b842133033 100644
--- a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
+++ b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
@@ -487,12 +487,12 @@ static int tcp_validate_cookie(struct tcp_syncookie *ctx)
 
 	mssind = (cookie & (3 << 6)) >> 6;
 	if (ctx->ipv4) {
-		if (mssind > ARRAY_SIZE(msstab4))
+		if (mssind >= ARRAY_SIZE(msstab4))
 			goto err;
 
 		ctx->attrs.mss = msstab4[mssind];
 	} else {
-		if (mssind > ARRAY_SIZE(msstab6))
+		if (mssind >= ARRAY_SIZE(msstab6))
 			goto err;
 
 		ctx->attrs.mss = msstab6[mssind];
-- 
2.30.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom_syncookie.c.
  2024-08-19 19:42 [PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom_syncookie.c Kuniyuki Iwashima
@ 2024-08-21  0:11 ` Martin KaFai Lau
  2024-08-21  1:28   ` Kuniyuki Iwashima
  0 siblings, 1 reply; 3+ messages in thread
From: Martin KaFai Lau @ 2024-08-21  0:11 UTC (permalink / raw)
  To: Kuniyuki Iwashima, Kuniyuki Iwashima
  Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko,
	Mykola Lysenko, bpf, Dan Carpenter

On 8/19/24 12:42 PM, Kuniyuki Iwashima wrote:
> Smatch reported a possible off-by-one in tcp_validate_cookie().
> 
> However, it's false positive because the possible range of mssind is
> limited from 0 to 3 by the preceding calculation.
> 
>    mssind = (cookie & (3 << 6)) >> 6;
> 
> There's no real issue, but let's make Smatch happy to suppress the same
> reports.
> 
> Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> Closes: https://lore.kernel.org/bpf/6ae12487-d3f1-488b-9514-af0dac96608f@stanley.mountain/
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> ---
>   tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> index 44ee0d037f95..36b842133033 100644
> --- a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> +++ b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> @@ -487,12 +487,12 @@ static int tcp_validate_cookie(struct tcp_syncookie *ctx)
>   
>   	mssind = (cookie & (3 << 6)) >> 6;

This should have bound the mssind.

>   	if (ctx->ipv4) {
> -		if (mssind > ARRAY_SIZE(msstab4))
> +		if (mssind >= ARRAY_SIZE(msstab4))

Does the verifier complain without this if check?

>   			goto err;
>   
>   		ctx->attrs.mss = msstab4[mssind];
>   	} else {
> -		if (mssind > ARRAY_SIZE(msstab6))
> +		if (mssind >= ARRAY_SIZE(msstab6))
>   			goto err;
>   
>   		ctx->attrs.mss = msstab6[mssind];


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom_syncookie.c.
  2024-08-21  0:11 ` Martin KaFai Lau
@ 2024-08-21  1:28   ` Kuniyuki Iwashima
  0 siblings, 0 replies; 3+ messages in thread
From: Kuniyuki Iwashima @ 2024-08-21  1:28 UTC (permalink / raw)
  To: martin.lau
  Cc: andrii, ast, bpf, dan.carpenter, daniel, kuni1840, kuniyu,
	mykolal

From: Martin KaFai Lau <martin.lau@linux.dev>
Date: Tue, 20 Aug 2024 17:11:48 -0700
> On 8/19/24 12:42 PM, Kuniyuki Iwashima wrote:
> > Smatch reported a possible off-by-one in tcp_validate_cookie().
> > 
> > However, it's false positive because the possible range of mssind is
> > limited from 0 to 3 by the preceding calculation.
> > 
> >    mssind = (cookie & (3 << 6)) >> 6;
> > 
> > There's no real issue, but let's make Smatch happy to suppress the same
> > reports.
> > 
> > Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
> > Closes: https://lore.kernel.org/bpf/6ae12487-d3f1-488b-9514-af0dac96608f@stanley.mountain/
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> > ---
> >   tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c | 4 ++--
> >   1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> > index 44ee0d037f95..36b842133033 100644
> > --- a/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> > +++ b/tools/testing/selftests/bpf/progs/test_tcp_custom_syncookie.c
> > @@ -487,12 +487,12 @@ static int tcp_validate_cookie(struct tcp_syncookie *ctx)
> >   
> >   	mssind = (cookie & (3 << 6)) >> 6;
> 
> This should have bound the mssind.
> 
> >   	if (ctx->ipv4) {
> > -		if (mssind > ARRAY_SIZE(msstab4))
> > +		if (mssind >= ARRAY_SIZE(msstab4))
> 
> Does the verifier complain without this if check?

It didn't :)

I'll remove the checks in v2.

Thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2024-08-21  1:28 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-19 19:42 [PATCH v1 bpf-next] selftest: bpf: Correct mssind comparison in test_tcp_custom_syncookie.c Kuniyuki Iwashima
2024-08-21  0:11 ` Martin KaFai Lau
2024-08-21  1:28   ` Kuniyuki Iwashima

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox