* [PATCH bpf-next v1 0/2] BPF Streams - Fixes
From: Kumar Kartikeya Dwivedi @ 2025-07-05 5:30 UTC
To: bpf
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Eduard Zingerman, kkd, kernel-team

This set contains some fixes for recently reported issues for BPF
streams. Please check individual patches for details.

Kumar Kartikeya Dwivedi (2):
  bpf: Fix bounds for bpf_prog_get_file_line linfo loop
  bpf: Fix improper int-to-ptr cast in dump_stack_cb

 kernel/bpf/core.c   | 4 +++-
 kernel/bpf/stream.c | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

base-commit: 03fe01ddd1d8be7799419ea5e5f228a0186ae8c2
--
2.47.1
* [PATCH bpf-next v1 1/2] bpf: Fix bounds for bpf_prog_get_file_line linfo loop 2025-07-05 5:30 [PATCH bpf-next v1 0/2] BPF Streams - Fixes Kumar Kartikeya Dwivedi @ 2025-07-05 5:30 ` Kumar Kartikeya Dwivedi 2025-07-07 1:10 ` Eduard Zingerman 2025-07-05 5:30 ` [PATCH bpf-next v1 2/2] bpf: Fix improper int-to-ptr cast in dump_stack_cb Kumar Kartikeya Dwivedi 2025-07-07 15:40 ` [PATCH bpf-next v1 0/2] BPF Streams - Fixes patchwork-bot+netdevbpf 2 siblings, 1 reply; 6+ messages in thread From: Kumar Kartikeya Dwivedi @ 2025-07-05 5:30 UTC (permalink / raw) To: bpf Cc: Eduard Zingerman, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, kkd, kernel-team We may overrun the bounds because linfo and jited_linfo are already advanced to prog->aux->linfo_idx, hence we must only iterate the remaining elements until we reach prog->aux->nr_linfo. Adjust the nr_linfo calculation to fix this. Reported in [0]. [0]: https://lore.kernel.org/bpf/f3527af3b0620ce36e299e97e7532d2555018de2.camel@gmail.com Reported-by: Eduard Zingerman <eddyz87@gmail.com> Fixes: 0e521efaf363 ("bpf: Add function to extract program source info") Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> --- kernel/bpf/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index fe8a53f3c5bc..61613785bdd0 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -3244,6 +3244,7 @@ int bpf_prog_get_file_line(struct bpf_prog *prog, unsigned long ip, const char * struct bpf_line_info *linfo; void **jited_linfo; struct btf *btf; + int nr_linfo; btf = prog->aux->btf; linfo = prog->aux->linfo; 
@@ -3258,8 +3259,9 @@ int bpf_prog_get_file_line(struct bpf_prog *prog, unsigned long ip, const char * insn_start = linfo[0].insn_off; insn_end = insn_start + len; + nr_linfo = prog->aux->nr_linfo - prog->aux->linfo_idx; - for (int i = 0; i < prog->aux->nr_linfo && + for (int i = 0; i < nr_linfo && linfo[i].insn_off >= insn_start && linfo[i].insn_off < insn_end; i++) { if (jited_linfo[i] >= (void *)ip) break; -- 2.47.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
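Review bot: in the second hunk of kernel/bpf/core.c, `nr_linfo = prog->aux->nr_linfo - prog->aux->linfo_idx;` lands in a signed `int` with no visible check that linfo_idx does not exceed nr_linfo. A negative result only makes `i < nr_linfo` false and skips the loop, which is safe, but a one-line comment saying the count is relative to the already-advanced linfo/jited_linfo pointers would make that intent explicit. The local also reuses the name of the aux field while meaning "entries remaining from linfo_idx", so a name such as `nr_remaining` would read less ambiguously next to `prog->aux->nr_linfo`. The same bound covers the `jited_linfo[i]` read in the loop body, so no separate check is needed there.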
* Re: [PATCH bpf-next v1 1/2] bpf: Fix bounds for bpf_prog_get_file_line linfo loop
From: Eduard Zingerman @ 2025-07-07 1:10 UTC
To: Kumar Kartikeya Dwivedi, bpf
Cc: Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, kkd, kernel-team

On Fri, 2025-07-04 at 22:30 -0700, Kumar Kartikeya Dwivedi wrote:
> We may overrun the bounds because linfo and jited_linfo are already
> advanced to prog->aux->linfo_idx, hence we must only iterate the
> remaining elements until we reach prog->aux->nr_linfo. Adjust the
> nr_linfo calculation to fix this. Reported in [0].
>
> [0]: https://lore.kernel.org/bpf/f3527af3b0620ce36e299e97e7532d2555018de2.camel@gmail.com
>
> Reported-by: Eduard Zingerman <eddyz87@gmail.com>
> Fixes: 0e521efaf363 ("bpf: Add function to extract program source info")
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
> ---

Acked-by: Eduard Zingerman <eddyz87@gmail.com>

Nit: It would be nice to extend progs/stream.c, so that e.g. cond_break
exhaustion is reported from a subprogram. I checked it locally and
everything works as expected.
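The overrun discussed in patch 1/2, replayed in a user-space model. This is an added example, not code from the thread or the kernel: the table contents, jited addresses, constants and the `first_overrun` helper are constructed for illustration.

```c
#include <stdio.h>

/* Simplified stand-in for the kernel's line-info entry (assumption: only
 * the instruction offset matters for the loop bound). */
struct line_info { unsigned int insn_off; };

/* Constructed sample: a program with 6 line-info entries whose last
 * subprogram owns entries 4..5 and covers instructions [12, 20). */
static const struct line_info table[] = { {0}, {3}, {7}, {10}, {12}, {15} };
static const unsigned long jited[] = { 0x100, 0x110, 0x120, 0x130, 0x140, 0x150 };
enum { NR_LINFO = 6, LINFO_IDX = 4, INSN_START = 12, INSN_END = 20 };

/*
 * Replay the loop with the base already advanced by LINFO_IDX, as the
 * commit message describes. Returns the absolute index of the first
 * element the loop would read past the end of the table, or -1 if every
 * read stays in bounds. The model stops there instead of reading.
 */
static int first_overrun(int bound, unsigned long ip)
{
	for (int i = 0; i < bound; i++) {
		int idx = LINFO_IDX + i;	/* what linfo[i] really addresses */

		if (idx >= NR_LINFO)
			return idx;		/* linfo[i] is outside the table */
		if (table[idx].insn_off < INSN_START ||
		    table[idx].insn_off >= INSN_END)
			break;			/* left the subprogram's range */
		if (jited[idx] >= ip)
			break;			/* found the entry covering ip */
	}
	return -1;
}

int main(void)
{
	unsigned long ip = 0x158;	/* constructed: past the last jited entry */

	printf("old bound (nr_linfo): first overrun at %d\n",
	       first_overrun(NR_LINFO, ip));
	printf("new bound (nr_linfo - linfo_idx): first overrun at %d\n",
	       first_overrun(NR_LINFO - LINFO_IDX, ip));
	return 0;
}
```

In this model the old bound only overruns when neither the instruction-range check nor the jited-address check stops the loop first, which is the case for an `ip` in the last subprogram beyond its final line-info entry.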
* [PATCH bpf-next v1 2/2] bpf: Fix improper int-to-ptr cast in dump_stack_cb 2025-07-05 5:30 [PATCH bpf-next v1 0/2] BPF Streams - Fixes Kumar Kartikeya Dwivedi 2025-07-05 5:30 ` [PATCH bpf-next v1 1/2] bpf: Fix bounds for bpf_prog_get_file_line linfo loop Kumar Kartikeya Dwivedi @ 2025-07-05 5:30 ` Kumar Kartikeya Dwivedi 2025-07-05 6:14 ` Randy Dunlap 2025-07-07 15:40 ` [PATCH bpf-next v1 0/2] BPF Streams - Fixes patchwork-bot+netdevbpf 2 siblings, 1 reply; 6+ messages in thread From: Kumar Kartikeya Dwivedi @ 2025-07-05 5:30 UTC (permalink / raw) To: bpf Cc: kernelci.org bot, Randy Dunlap, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Eduard Zingerman, kkd, kernel-team On 32-bit platforms, we'll try to convert a u64 directly to a pointer type which is 32-bit, which causes the compiler to complain about cast from an integer of a different size to a pointer type. Cast to long before casting to the pointer type to match the pointer width. Reported-by: kernelci.org bot <bot@kernelci.org> Reported-by: Randy Dunlap <rdunlap@infradead.org> Fixes: d7c431cafcb4 ("bpf: Add dump_stack() analogue to print to BPF stderr") Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> --- kernel/bpf/stream.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/stream.c b/kernel/bpf/stream.c index 8c842f845245..ab592db4a4bf 100644 --- a/kernel/bpf/stream.c +++ b/kernel/bpf/stream.c @@ -498,11 +498,11 @@ static bool dump_stack_cb(void *cookie, u64 ip, u64 sp, u64 bp) if (ret < 0) goto end; ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n %s @ %s:%d\n", - (void *)ip, line, file, num); + (void *)(long)ip, line, file, num); return !ctxp->err; } end: - ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n", (void *)ip); + ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n", (void *)(long)ip); return !ctxp->err; } -- 2.47.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
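Review bot: both replaced arguments in dump_stack_cb cast through signed `long`, as in `(void *)(long)ip`. Since `ip` is a `u64` address, `(void *)(unsigned long)ip` states the intent without passing through a signed type and narrows the same way on 32-bit. The commit message could also say that the upper 32 bits of `ip` are dropped on 32-bit builds and why that is acceptable for a value that is only printed with `%pS`. `sp` and `bp` are not cast anywhere in the visible lines, so nothing else in this hunk needs the change.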
* Re: [PATCH bpf-next v1 2/2] bpf: Fix improper int-to-ptr cast in dump_stack_cb 2025-07-05 5:30 ` [PATCH bpf-next v1 2/2] bpf: Fix improper int-to-ptr cast in dump_stack_cb Kumar Kartikeya Dwivedi @ 2025-07-05 6:14 ` Randy Dunlap 0 siblings, 0 replies; 6+ messages in thread From: Randy Dunlap @ 2025-07-05 6:14 UTC (permalink / raw) To: Kumar Kartikeya Dwivedi, bpf Cc: kernelci.org bot, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, Martin KaFai Lau, Eduard Zingerman, kkd, kernel-team On 7/4/25 10:30 PM, Kumar Kartikeya Dwivedi wrote: > On 32-bit platforms, we'll try to convert a u64 directly to a pointer > type which is 32-bit, which causes the compiler to complain about cast > from an integer of a different size to a pointer type. Cast to long > before casting to the pointer type to match the pointer width. > > Reported-by: kernelci.org bot <bot@kernelci.org> > Reported-by: Randy Dunlap <rdunlap@infradead.org> > Fixes: d7c431cafcb4 ("bpf: Add dump_stack() analogue to print to BPF stderr") > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Tested-by: Randy Dunlap <rdunlap@infradead.org> Thanks. > --- > kernel/bpf/stream.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/bpf/stream.c b/kernel/bpf/stream.c > index 8c842f845245..ab592db4a4bf 100644 > --- a/kernel/bpf/stream.c > +++ b/kernel/bpf/stream.c > @@ -498,11 +498,11 @@ static bool dump_stack_cb(void *cookie, u64 ip, u64 sp, u64 bp) > if (ret < 0) > goto end; > ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n %s @ %s:%d\n", > - (void *)ip, line, file, num); > + (void *)(long)ip, line, file, num); > return !ctxp->err; > } > end: > - ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n", (void *)ip); > + ctxp->err = bpf_stream_stage_printk(ctxp->ss, "%pS\n", (void *)(long)ip); > return !ctxp->err; > } > -- ~Randy ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH bpf-next v1 0/2] BPF Streams - Fixes
From: patchwork-bot+netdevbpf @ 2025-07-07 15:40 UTC
To: Kumar Kartikeya Dwivedi
Cc: bpf, ast, andrii, daniel, martin.lau, eddyz87, kkd, kernel-team

Hello:

This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Fri, 4 Jul 2025 22:30:33 -0700 you wrote:
> This set contains some fixes for recently reported issues for BPF
> streams. Please check individual patches for details.
>
> Kumar Kartikeya Dwivedi (2):
>   bpf: Fix bounds for bpf_prog_get_file_line linfo loop
>   bpf: Fix improper int-to-ptr cast in dump_stack_cb
>
> [...]

Here is the summary with links:
  - [bpf-next,v1,1/2] bpf: Fix bounds for bpf_prog_get_file_line linfo loop
    https://git.kernel.org/bpf/bpf-next/c/116c8f474722
  - [bpf-next,v1,2/2] bpf: Fix improper int-to-ptr cast in dump_stack_cb
    https://git.kernel.org/bpf/bpf-next/c/bfa2bb9abd99

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html