* [PATCH bpf-next] bpf: add a check to make static analysers happy
@ 2025-11-19 11:25 Anton Protopopov
2025-11-19 13:37 ` Dan Carpenter
2025-11-22 1:10 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Anton Protopopov @ 2025-11-19 11:25 UTC (permalink / raw)
To: bpf; +Cc: Anton Protopopov, Dan Carpenter
In [1] Dan Carpenter reported that the following code makes the
Smatch static analyser unhappy:
17904 value = map->ops->map_lookup_elem(map, &i);
17905 if (!value)
17906 return -EINVAL;
--> 17907 items[i - start] = value->xlated_off;
The analyser assumes that the `value` variable may contain an error
and thus it should be properly checked before the dereference.
On practice this will never happen as array maps do not return
error values in map_lookup_elem, but to make the Smatch and other
possible analysers happy this patch adds a formal check.
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/bpf/aR2BN1Ix--8tmVrN@stanley.mountain/ [1]
Fixes: 493d9e0d6083 ("bpf, x86: add support for indirect jumps")
Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>
---
kernel/bpf/verifier.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 098dd7f21c89..93716da57d48 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -17929,7 +17929,13 @@ static int copy_insn_array(struct bpf_map *map, u32 start, u32 end, u32 *items)
for (i = start; i <= end; i++) {
value = map->ops->map_lookup_elem(map, &i);
- if (!value)
+ /*
+ * map_lookup_elem of an array map will never return an error,
+ * but not checking it makes some static analysers to worry
+ */
+ if (IS_ERR(value))
+ return PTR_ERR(value);
+ else if (!value)
return -EINVAL;
items[i - start] = value->xlated_off;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH bpf-next] bpf: add a check to make static analysers happy
2025-11-19 11:25 [PATCH bpf-next] bpf: add a check to make static analysers happy Anton Protopopov
@ 2025-11-19 13:37 ` Dan Carpenter
2025-11-22 1:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2025-11-19 13:37 UTC (permalink / raw)
To: Anton Protopopov; +Cc: bpf
Thanks!
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH bpf-next] bpf: add a check to make static analysers happy
2025-11-19 11:25 [PATCH bpf-next] bpf: add a check to make static analysers happy Anton Protopopov
2025-11-19 13:37 ` Dan Carpenter
@ 2025-11-22 1:10 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-11-22 1:10 UTC (permalink / raw)
To: Anton Protopopov; +Cc: bpf, dan.carpenter
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Wed, 19 Nov 2025 11:25:17 +0000 you wrote:
> In [1] Dan Carpenter reported that the following code makes the
> Smatch static analyser unhappy:
>
> 17904 value = map->ops->map_lookup_elem(map, &i);
> 17905 if (!value)
> 17906 return -EINVAL;
> --> 17907 items[i - start] = value->xlated_off;
>
> [...]
Here is the summary with links:
- [bpf-next] bpf: add a check to make static analysers happy
https://git.kernel.org/bpf/bpf-next/c/4dd3a48d13a3
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-11-22 1:10 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-19 11:25 [PATCH bpf-next] bpf: add a check to make static analysers happy Anton Protopopov
2025-11-19 13:37 ` Dan Carpenter
2025-11-22 1:10 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox