* [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro
@ 2023-11-02 17:26 Andrii Nakryiko
2023-11-02 17:55 ` Toke Høiland-Jørgensen
0 siblings, 1 reply; 5+ messages in thread
From: Andrii Nakryiko @ 2023-11-02 17:26 UTC (permalink / raw)
To: bpf, ast, daniel, martin.lau; +Cc: andrii, kernel-team
Let's fix it for real this time. It shouldn't just detect ERR_PTR()
return from bpf_xdp_pointer(), but also turn that into NULL to follow
bpf_dynptr_slice() contract.
Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.")
Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr")
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
kernel/bpf/helpers.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 56b0c1f678ee..04049097176c 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
{
void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
if (!IS_ERR_OR_NULL(xdp_ptr))
- return xdp_ptr;
+ return NULL;
if (!buffer__opt)
return NULL;
--
2.34.1
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro 2023-11-02 17:26 [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro Andrii Nakryiko @ 2023-11-02 17:55 ` Toke Høiland-Jørgensen 2023-11-02 18:00 ` Andrii Nakryiko 0 siblings, 1 reply; 5+ messages in thread From: Toke Høiland-Jørgensen @ 2023-11-02 17:55 UTC (permalink / raw) To: Andrii Nakryiko, bpf, ast, daniel, martin.lau; +Cc: andrii, kernel-team Andrii Nakryiko <andrii@kernel.org> writes: > Let's fix it for real this time. It shouldn't just detect ERR_PTR() > return from bpf_xdp_pointer(), but also turn that into NULL to follow > bpf_dynptr_slice() contract. > > Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.") > Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr") > Signed-off-by: Andrii Nakryiko <andrii@kernel.org> > --- > kernel/bpf/helpers.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c > index 56b0c1f678ee..04049097176c 100644 > --- a/kernel/bpf/helpers.c > +++ b/kernel/bpf/helpers.c > @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset > { > void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len); > if (!IS_ERR_OR_NULL(xdp_ptr)) > - return xdp_ptr; > + return NULL; Erm, the check in the if is inverted - so isn't this 'return xdp_ptr' covering the case where bpf_xdp_pointer() *does* in fact return a valid pointer? -Toke ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro 2023-11-02 17:55 ` Toke Høiland-Jørgensen @ 2023-11-02 18:00 ` Andrii Nakryiko 2023-11-02 18:07 ` Toke Høiland-Jørgensen 0 siblings, 1 reply; 5+ messages in thread From: Andrii Nakryiko @ 2023-11-02 18:00 UTC (permalink / raw) To: Toke Høiland-Jørgensen Cc: Andrii Nakryiko, bpf, ast, daniel, martin.lau, kernel-team On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote: > > Andrii Nakryiko <andrii@kernel.org> writes: > > > Let's fix it for real this time. It shouldn't just detect ERR_PTR() > > return from bpf_xdp_pointer(), but also turn that into NULL to follow > > bpf_dynptr_slice() contract. > > > > Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.") > > Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr") > > Signed-off-by: Andrii Nakryiko <andrii@kernel.org> > > --- > > kernel/bpf/helpers.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c > > index 56b0c1f678ee..04049097176c 100644 > > --- a/kernel/bpf/helpers.c > > +++ b/kernel/bpf/helpers.c > > @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset > > { > > void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len); > > if (!IS_ERR_OR_NULL(xdp_ptr)) > > - return xdp_ptr; > > + return NULL; > > Erm, the check in the if is inverted - so isn't this 'return xdp_ptr' > covering the case where bpf_xdp_pointer() *does* in fact return a valid > pointer? > Ah, you are right, I missed the ! part... Ok, then I don't think we have an issue, great. Thanks for double checking! Perhaps we should add a simple comment "/* we got a valid direct pointer, return it */", as this looks like an error-handling case. > -Toke ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro 2023-11-02 18:00 ` Andrii Nakryiko @ 2023-11-02 18:07 ` Toke Høiland-Jørgensen 2023-11-02 18:11 ` Song Liu 0 siblings, 1 reply; 5+ messages in thread From: Toke Høiland-Jørgensen @ 2023-11-02 18:07 UTC (permalink / raw) To: Andrii Nakryiko Cc: Andrii Nakryiko, bpf, ast, daniel, martin.lau, kernel-team Andrii Nakryiko <andrii.nakryiko@gmail.com> writes: > On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote: >> >> Andrii Nakryiko <andrii@kernel.org> writes: >> >> > Let's fix it for real this time. It shouldn't just detect ERR_PTR() >> > return from bpf_xdp_pointer(), but also turn that into NULL to follow >> > bpf_dynptr_slice() contract. >> > >> > Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.") >> > Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr") >> > Signed-off-by: Andrii Nakryiko <andrii@kernel.org> >> > --- >> > kernel/bpf/helpers.c | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c >> > index 56b0c1f678ee..04049097176c 100644 >> > --- a/kernel/bpf/helpers.c >> > +++ b/kernel/bpf/helpers.c >> > @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset >> > { >> > void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len); >> > if (!IS_ERR_OR_NULL(xdp_ptr)) >> > - return xdp_ptr; >> > + return NULL; >> >> Erm, the check in the if is inverted - so isn't this 'return xdp_ptr' >> covering the case where bpf_xdp_pointer() *does* in fact return a valid >> pointer? >> > > Ah, you are right, I missed the ! part... Ok, then I don't think we > have an issue, great. Thanks for double checking! > Perhaps we should add a simple comment "/* we got a valid direct > pointer, return it */", as this looks like an error-handling case. Yup, totally agree it's confusing, I had to look at the code three or four times as well just now, to be sure that it wasn't buggy. Adding a comment would certainly be useful! :) -Toke ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro 2023-11-02 18:07 ` Toke Høiland-Jørgensen @ 2023-11-02 18:11 ` Song Liu 0 siblings, 0 replies; 5+ messages in thread From: Song Liu @ 2023-11-02 18:11 UTC (permalink / raw) To: Toke Høiland-Jørgensen Cc: Andrii Nakryiko, Andrii Nakryiko, bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, martin.lau@kernel.org, Kernel Team > On Nov 2, 2023, at 11:07 AM, Toke Høiland-Jørgensen <toke@kernel.org> wrote: > > Andrii Nakryiko <andrii.nakryiko@gmail.com> writes: > >> On Thu, Nov 2, 2023 at 10:55 AM Toke Høiland-Jørgensen <toke@kernel.org> wrote: >>> >>> Andrii Nakryiko <andrii@kernel.org> writes: >>> >>>> Let's fix it for real this time. It shouldn't just detect ERR_PTR() >>>> return from bpf_xdp_pointer(), but also turn that into NULL to follow >>>> bpf_dynptr_slice() contract. >>>> >>>> Fixes: 5426700e6841 ("bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.") >>>> Fixes: 66e3a13e7c2c ("bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr") >>>> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> >>>> --- >>>> kernel/bpf/helpers.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c >>>> index 56b0c1f678ee..04049097176c 100644 >>>> --- a/kernel/bpf/helpers.c >>>> +++ b/kernel/bpf/helpers.c >>>> @@ -2309,7 +2309,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset >>>> { >>>> void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len); >>>> if (!IS_ERR_OR_NULL(xdp_ptr)) >>>> - return xdp_ptr; >>>> + return NULL; >>> >>> Erm, the check in the if is inverted - so isn't this 'return xdp_ptr' >>> covering the case where bpf_xdp_pointer() *does* in fact return a valid >>> pointer? >>> >> >> Ah, you are right, I missed the ! part... Ok, then I don't think we >> have an issue, great. Thanks for double checking! >> Perhaps we should add a simple comment "/* we got a valid direct >> pointer, return it */", as this looks like an error-handling case. > > Yup, totally agree it's confusing, I had to look at the code three or > four times as well just now, to be sure that it wasn't buggy. Adding a > comment would certainly be useful! :) Aha, I was confused by this for more than a month. I am glad this is not an issue. Thanks, Song ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-11-02 18:12 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-11-02 17:26 [PATCH bpf] bpf: fix bpf_dynptr_slice() returning ERR_PTR() on erro Andrii Nakryiko 2023-11-02 17:55 ` Toke Høiland-Jørgensen 2023-11-02 18:00 ` Andrii Nakryiko 2023-11-02 18:07 ` Toke Høiland-Jørgensen 2023-11-02 18:11 ` Song Liu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox