From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-dl1-f54.google.com (mail-dl1-f54.google.com [74.125.82.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 76D683E1210 for ; Thu, 16 Apr 2026 14:48:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.54 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776350897; cv=none; b=aK1zCbPl6QPph23p/WMOCzY8nrb6tUlOzEzCldT6xtOPJKogeDcCjtlocZq7Quh78wAda27vTFrtj+fIMXdzHXIKMrOE5BADEf95eEqpGgyOOZ2vFnuGGL/V/CQtAjX5/wjL+NWWLMYsVZADLSeRkDxLeC1riuXfVUvbK+7tu38= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776350897; c=relaxed/simple; bh=FUXTugSOvsK3UegpOw5mu3Uad1tm3VNDC20bzwxv5kE=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=PPNrFa/0SPLBN5fsvoZNAeoJii9MniNUwk0JHu9ehVCgmkAoI/iYq1LsEI5ex2FkveRXTOiQ4YkDFe+EZZ3W36LK5V/ymjJkfsdKaK+CjFfi86yFPz7tbGCQF6ABUs7Km3GiFrhpik9N7p6UJ8iDXDsqMGlfpI3qMpRAiEyL4/Y= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lnBxrFT7; arc=none smtp.client-ip=74.125.82.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lnBxrFT7" Received: by mail-dl1-f54.google.com with SMTP id a92af1059eb24-12c080efc1eso578020c88.0 for ; Thu, 16 Apr 2026 07:48:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1776350895; x=1776955695; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=BRN4O31TXND2yFrdcChZ1o8x+dbMqxcl58/N3Dhmj9g=; b=lnBxrFT7LmLv17azMwdy82t+6jS8BOxc3zjwZsOwRF+kNdW6qxcYfYtzbW6khCpV0x +aINbs1JYTWGu19HvdN9XedOxDlAZqm8C2ufjiokmQjremR0qIe7K45EL61tmbYCNQJ/ fb6OdZeJcJgWhgcpc0zVtH3mkb6gVHhBsJO58EjmbSgze2G5bxn0HXi3kDVAz3bkuT1o 36bgc42outIFN2b5aXqT/zTLUcwjjWSy6JtAGHCaj7SsDUxjtQyZr9g8nR/gYavchWeZ RLbcWO6sJwWkiXn+dDdu4wtoYWlqJ5CbHKIRYE0Mk1I/cmFhhf9eiq8K2X5Lg6N0Hoe9 x4LA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776350895; x=1776955695; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BRN4O31TXND2yFrdcChZ1o8x+dbMqxcl58/N3Dhmj9g=; b=gWb/PcjAX8n16dM3boinnZpYlsxYUGz4TXcAo4QdrUoA92YlC0PzHhavKKEQDlP7UJ 7YSLLpya0SF+FAxn5Xoy1z1v+LZRgN6qgq+JAV8b4Evik1ybdlgDOsnqLCm/rFUKG3xX UJfC3qkFxIfAj0Wv5WHGFZ0YSM7BPygKXDi13PbiGyBJgEY2rbJobBSUnAGdAma15H7c aCTwYVTNTY/RcjpUcggt/3jNfhCBekfh9Fh/QPSEAOtB+3XSyRUvTmkeEf+G03pk30aU LqTnR7w3XthfE9c7/eZuG5V6t39hxLaWx4Rxmgk7Rd9yWbXsPZmtDKyyt5nhsE5dlSOG J/HA== X-Forwarded-Encrypted: i=1; AFNElJ+s1uINBxQgt3oo383tEFvwBy1O0Xw/Xscu8i1otI1MdYRHVIfoGgR2RgjECugZtyASc299mg7pqA/xRIU=@vger.kernel.org X-Gm-Message-State: AOJu0YybGvQ2e5pwK5OXN/o2svuo9tvqguhtT0Z1aFNkRwH+TBmv3Tfr loteHcR/QZ2Eg9nhSIzbRwt2W8JcteQ2b4xq98CzS+mkN2NK3vTbgX16 X-Gm-Gg: AeBDieu0/Pe0Y7SjPu2ImsGTWeyA8rs1rhjmosiPBcQELY53scybAlIvjpeK2B9+nkH AjIrJpBtvNharYGgzM48egBsDz8SiAx2epmEXzpcQO/YNYaGnW3A1ulC8thPvfPJmIYBhNvXwc4 VnBlmk2Ds65wjDU1mgt12YW2W2LIpEI5KI5tMwmfMn2b17vJYNcuq8R8toKvU/fqBDKkUHRKT/W CdjDwuuv1ujTVC7RNcX7whNDW/GVomI9gmnOUwhLK+ojv8p4Itj82yIHN/CYWSxcNPiMMvv1vty r/nt9Ntq36WdHZsIFq2wh+fUVhRuT5LGdh+tNLqKlWhzRUth/XaWYbANdg/oQaSpoGgVxO2apX/ VoX/y1gZBZukwDv/gNE/9ahcviUHio2vmqSBgSOCPGms8VL3W5O5IOHxR7gW0gxQa5v3wsXTpzh zFs3EiLIhlAkOr2YHoqM5EISwSK4tHvFqGgTNVUUleprea4ytQwhB/hhgNY+mlLU4RWWMRCwwAI y81+F06Ciw2MqIZMZKZtRa9C2eo4w7oJ57abc5TLcvwF7z76WEDCi3HISwSe8V26rY= X-Received: by 2002:a05:7022:ef0e:b0:12c:43:3ffc with SMTP id a92af1059eb24-12c62f5a7fcmr1936123c88.0.1776350895349; Thu, 16 Apr 2026 07:48:15 -0700 (PDT) Received: from localhost.localdomain (108-214-96-168.lightspeed.sntcca.sbcglobal.net. [108.214.96.168]) by smtp.gmail.com with ESMTPSA id a92af1059eb24-12c641d18a7sm2727426c88.0.2026.04.16.07.48.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Apr 2026 07:48:14 -0700 (PDT) From: Sun Jian To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, eddyz87@gmail.com, memxor@gmail.com, bpf@vger.kernel.org Cc: john.fastabend@gmail.com, martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev, jolsa@kernel.org, linux-kernel@vger.kernel.org, Sun Jian Subject: [PATCH bpf] bpf: reject ERR_PTR map->record in map_check_btf Date: Thu, 16 Apr 2026 22:48:08 +0800 Message-ID: <20260416144808.149543-1-sun.jian.kdev@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit btf_parse_fields() returns an ERR_PTR() when it encounters an invalid special field in map value BTF. For example, an invalid kptr-annotated field whose tagged pointee is not a full struct type can make btf_parse_fields() fail with -EINVAL. map_check_btf() stores the result in map->record, but currently only handles the successful non-NULL case explicitly. ERR_PTR() results are not rejected immediately before proceeding with the rest of map BTF setup. Handle IS_ERR(map->record) explicitly in map_check_btf() and return the underlying error code immediately. Fixes: aa3496accc412 ("bpf: Refactor kptr_off_tab into btf_record") Signed-off-by: Sun Jian --- kernel/bpf/syscall.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index b73b25c63073..83e206a0626a 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1262,7 +1262,12 @@ static int map_check_btf(struct bpf_map *map, struct bpf_token *token, BPF_RB_ROOT | BPF_REFCOUNT | BPF_WORKQUEUE | BPF_UPTR | BPF_TASK_WORK, map->value_size); - if (!IS_ERR_OR_NULL(map->record)) { + if (IS_ERR(map->record)) { + ret = PTR_ERR(map->record); + map->record = NULL; + goto free_map_tab; + } + if (map->record) { int i; if (!bpf_token_capable(token, CAP_BPF)) { base-commit: 1d51b370a0f8f642f4fc84c795fbedac0fcdbbd2 -- 2.43.0