From: sashiko-bot@kernel.org
To: "Kumar Kartikeya Dwivedi" <memxor@gmail.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 10/17] bpf: Report Resource Lifetime reference leaks
Date: Mon, 13 Jul 2026 16:04:26 +0000 [thread overview]
Message-ID: <20260713160426.D75121F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260713153910.2556007-11-memxor@gmail.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Low] Diagnostic functions print `insn 4294967295` due to a hardcoded `-1` instruction index passed to `process_dynptr_func`.
--
--- Patch [10]: [PATCH bpf-next v3 10/17] bpf: Report Resource Lifetime reference leaks ---
commit 11b108e2b9d6802e27c431d5c20ed1b81781c4e6
Author: Kumar Kartikeya Dwivedi <memxor@gmail.com>
bpf: Report Resource Lifetime reference leaks
Augment selected Resource Lifetime Safety failures with structured diagnostics
while preserving the existing verifier messages.
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index bd233083b4950..84eda5e83f873 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -7625,9 +7695,18 @@ static int process_dynptr_func(struct bpf_verifier_env *env, struct bpf_reg_stat
> int spi, err = 0;
>
> if (reg->type != PTR_TO_STACK && reg->type != CONST_PTR_TO_DYNPTR) {
> + const char *fmt = "A dynptr argument must be a pointer to a dynptr stack slot or a "
> + "verifier-provided const struct bpf_dynptr, but %s is %s.";
> + const char *reason;
> +
> verbose(env,
> "%s expected pointer to stack or const struct bpf_dynptr\n",
> reg_arg_name(env, argno));
> + reason = bpf_diag_scratch_printf(env, 0, fmt, reg_arg_name(env, argno),
> + bpf_diag_reg_type_plain(env, reg->type));
> + bpf_diag_res(env, insn_idx, "invalid dynptr argument", reason,
> + "Pass the address of a stack dynptr object, or use a const dynptr "
> + "pointer returned by the verifier-supported path.");
> return -EINVAL;
> }
[Severity: Low]
Will passing insn_idx directly to bpf_diag_res() cause an integer underflow
in the diagnostic output?
Looking at btf_check_func_arg_match(), it calls process_dynptr_func() with
-1 hardcoded as the instruction index:
kernel/bpf/verifier.c:btf_check_func_arg_match() {
...
ret = process_dynptr_func(env, reg, argno, -1, arg->arg_type,
&ref_obj, NULL);
...
}
Because bpf_diag_res() expects a u32 for insn_idx, this -1 gets cast to
4294967295. This results in the verifier log printing "insn 4294967295"
during validation failures for dynptrs in global subprogram calls.
Could this use env->insn_idx instead, or handle the -1 case explicitly
before passing it to bpf_diag_res()?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260713153910.2556007-1-memxor@gmail.com?part=10
next prev parent reply other threads:[~2026-07-13 16:04 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-13 15:38 [PATCH bpf-next v3 00/17] Redesign Verification Errors Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 01/17] bpf: Add verifier diagnostics report helpers Kumar Kartikeya Dwivedi
2026-07-13 15:50 ` sashiko-bot
2026-07-13 15:38 ` [PATCH bpf-next v3 02/17] bpf: Add source and instruction diagnostic context Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 03/17] bpf: Add verifier diagnostic event log Kumar Kartikeya Dwivedi
2026-07-13 15:54 ` sashiko-bot
2026-07-13 15:38 ` [PATCH bpf-next v3 04/17] bpf: Prune verifier diagnostics when switching paths Kumar Kartikeya Dwivedi
2026-07-13 16:02 ` sashiko-bot
2026-07-13 15:38 ` [PATCH bpf-next v3 05/17] bpf: Track verifier register diagnostic events Kumar Kartikeya Dwivedi
2026-07-13 16:06 ` sashiko-bot
2026-07-13 15:38 ` [PATCH bpf-next v3 06/17] bpf: Track verifier reference " Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 07/17] bpf: Track verifier context " Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 08/17] bpf: Report Register Type Safety errors Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 09/17] bpf: Report Memory Safety bounds errors Kumar Kartikeya Dwivedi
2026-07-13 15:38 ` [PATCH bpf-next v3 10/17] bpf: Report Resource Lifetime reference leaks Kumar Kartikeya Dwivedi
2026-07-13 16:04 ` sashiko-bot [this message]
2026-07-13 15:39 ` [PATCH bpf-next v3 11/17] bpf: Report Call Type Safety argument errors Kumar Kartikeya Dwivedi
2026-07-13 15:51 ` sashiko-bot
2026-07-13 15:39 ` [PATCH bpf-next v3 12/17] bpf: Report Execution Context Safety errors Kumar Kartikeya Dwivedi
2026-07-13 15:53 ` sashiko-bot
2026-07-13 15:39 ` [PATCH bpf-next v3 13/17] bpf: Report Program Structure CFG errors Kumar Kartikeya Dwivedi
2026-07-13 15:39 ` [PATCH bpf-next v3 14/17] bpf: Report Policy helper and kfunc errors Kumar Kartikeya Dwivedi
2026-07-13 16:09 ` sashiko-bot
2026-07-13 15:39 ` [PATCH bpf-next v3 15/17] bpf: Report Verifier Limit errors Kumar Kartikeya Dwivedi
2026-07-13 15:39 ` [PATCH bpf-next v3 16/17] bpf: Report Verifier Internal errors Kumar Kartikeya Dwivedi
2026-07-13 15:39 ` [PATCH bpf-next v3 17/17] bpf: Gate verifier diagnostics on log level Kumar Kartikeya Dwivedi
2026-07-14 3:36 ` kernel test robot
2026-07-14 6:10 ` [syzbot ci] Re: Redesign Verification Errors syzbot ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260713160426.D75121F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=memxor@gmail.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox