From: Jules Irenge <jbi.octave@gmail.com>
To: ast@kernel.org
Cc: daniel@iogearbox.net, john.fastabend@gmail.com,
martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
kpsingh@kernel.org, sdf@google.com, haoluo@google.com,
jolsa@kernel.org, bpf@vger.kernel.org, memxor@gmail.com,
Elana.Copperman@mobileye.com
Subject: [PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs
Date: Wed, 7 Sep 2022 16:24:20 +0100
Message-ID: <Yxi3pJaK6UDjVJSy@playground>
Sparse reported a warning at bpf_map_free_kptrs()
"warning: Using plain integer as NULL pointer"
During the process of fixing this warning,
it was discovered that the current code
erroneously writes to the pointer variable
instead of dereferencing and writing to the actual kptr.
Hence, the Sparse tool accidentally helped to uncover this problem.
Fix this by doing WRITE_ONCE(*p, 0) instead of WRITE_ONCE(p, 0).
Note that the effect of this bug is that
unreferenced kptrs will not be cleared during check_and_free_fields.
It is not a problem if the clearing is not done during map_free stage,
as there is nothing to free for them.
Signed-off-by: Jules Irenge <jbi.octave@gmail.com>
---
Changes in v2:
- Make commit message clearer
- Change commit headline
from Fixes: 14a324f6a67e ("bpf: Wire up freeing of referenced kptr")
to bpf: Fix resetting logic for unreferenced kptrs
kernel/bpf/syscall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 27760627370d..f798acd43a28 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -598,7 +598,7 @@ void bpf_map_free_kptrs(struct bpf_map *map, void *map_value)
if (off_desc->type == BPF_KPTR_UNREF) {
u64 *p = (u64 *)btf_id_ptr;
- WRITE_ONCE(p, 0);
+ WRITE_ONCE(*p, 0);
continue;
}
old_ptr = xchg(btf_id_ptr, 0);
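Review bot: In the BPF_KPTR_UNREF branch, `WRITE_ONCE(*p, 0)` stores through a `u64 *` cast of btf_id_ptr, while the referenced path two lines later calls `xchg(btf_id_ptr, 0)` on the uncast pointer, and nothing in the hunk says why the two paths use different access types. If the cast is there so that the whole 8-byte slot is cleared whatever the native type of btf_id_ptr is, a one-line comment above `u64 *p` would record that; if the widths are the same, `WRITE_ONCE(*btf_id_ptr, 0)` drops the local whose name made the original `WRITE_ONCE(p, 0)` slip easy to miss. The v2 changelog also names 14a324f6a67e; if that commit introduced the store, carry it as a Fixes: trailer next to the Signed-off-by instead of dropping it with the old headline.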
--
2.35.1
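The difference between the two stores in the patch, as an added userspace example that is not part of the original message or of the kernel source. The WRITE_ONCE stand-in, the struct layout, the offset table and the slot values are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace stand-in for the kernel's WRITE_ONCE(): one volatile store to lvalue x. */
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))
/* Hypothetical, simplified model of a map value and its kptr offset table. */
enum kptr_type { KPTR_UNREF, KPTR_REF };
struct kptr_off { size_t offset; enum kptr_type type; };
struct value { uint64_t counter; uint64_t unref_kptr; uint64_t ref_kptr; };
static int released; /* number of simulated releases of referenced kptrs */

/* Walk the table like the loop in the patch; fixed == 0 keeps the pre-patch store. */
static void free_kptrs(void *value, const struct kptr_off *tab, size_t n, int fixed)
{
    for (size_t i = 0; i < n; i++) {
        uint64_t *p = (uint64_t *)((char *)value + tab[i].offset);
        if (tab[i].type == KPTR_UNREF) {
            if (fixed)
                WRITE_ONCE(*p, 0); /* clears the 8-byte slot inside the value */
            else
                WRITE_ONCE(p, 0);  /* only nulls the local variable p */
            continue;
        }
        if (*p) {                  /* plain stand-in for xchg() plus release */
            *p = 0;
            released++;
        }
    }
}

/* Returns what is left in the unreferenced slot after one free pass. */
static uint64_t unref_slot_after_free(int fixed)
{
    /* Constructed sample values, not real kernel addresses. */
    struct value v = { .counter = 7, .unref_kptr = 0x1000, .ref_kptr = 0x2000 };
    const struct kptr_off tab[] = {
        { offsetof(struct value, unref_kptr), KPTR_UNREF },
        { offsetof(struct value, ref_kptr), KPTR_REF },
    };
    free_kptrs(&v, tab, sizeof(tab) / sizeof(tab[0]), fixed);
    return v.unref_kptr;
}

int main(void)
{
    printf("pre-patch store leaves: 0x%llx\n", (unsigned long long)unref_slot_after_free(0));
    printf("patched store leaves:   0x%llx\n", (unsigned long long)unref_slot_after_free(1));
    return 0;
}
```

Both forms compile cleanly because the literal 0 is a valid value for a pointer as well as for an integer, which is why only Sparse's plain-integer-as-NULL check pointed at the line.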