From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Cc: bpf <bpf@vger.kernel.org>, Andrii Nakryiko <andrii@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>
Subject: Re: [PATCH bpf-next v3] bpf: Silence Coverity warning for find_kfunc_desc_btf
Date: Wed, 20 Oct 2021 09:57:37 -0700 [thread overview]
Message-ID: <CAEf4BzZe+VW+hRMOZpR3ZyRs_6TuTQRXN4tinwnq8krrVt2gOw@mail.gmail.com> (raw)
In-Reply-To: <20211009040900.803436-1-memxor@gmail.com>
On Fri, Oct 8, 2021 at 9:09 PM Kumar Kartikeya Dwivedi <memxor@gmail.com> wrote:
>
> The helper function returns a pointer that in the failure case encodes
> an error in the struct btf pointer. The current code lead to Coverity
> warning about the use of the invalid pointer:
>
> *** CID 1507963: Memory - illegal accesses (USE_AFTER_FREE)
> /kernel/bpf/verifier.c: 1788 in find_kfunc_desc_btf()
> 1782 return ERR_PTR(-EINVAL);
> 1783 }
> 1784
> 1785 kfunc_btf = __find_kfunc_desc_btf(env, offset, btf_modp);
> 1786 if (IS_ERR_OR_NULL(kfunc_btf)) {
> 1787 verbose(env, "cannot find module BTF for func_id %u\n", func_id);
> >>> CID 1507963: Memory - illegal accesses (USE_AFTER_FREE)
> >>> Using freed pointer "kfunc_btf".
> 1788 return kfunc_btf ?: ERR_PTR(-ENOENT);
> 1789 }
> 1790 return kfunc_btf;
> 1791 }
> 1792 return btf_vmlinux ?: ERR_PTR(-ENOENT);
> 1793 }
>
> Daniel suggested the use of ERR_CAST so that the intended use is clear
> to Coverity, but on closer look it seems that we never return NULL from
> the helper. Andrii noted that since __find_kfunc_desc_btf already logs
> errors for all cases except btf_get_by_fd, it is much easier to add
> logging for that and remove the IS_ERR check altogether, returning
> directly from it.
>
> Suggested-by: Andrii Nakryiko <andrii@kernel.org>
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
> ---
> v2->v3
> * Remove unused variable (Kernel Test Robot)
> v1->v2
> * Remove error check, log btf_get_by_fd failure (Andrii)
> ---
Patch bot missed this one. Applied yesterday to bpf-next. Thanks.
[...]
prev parent reply other threads:[~2021-10-20 16:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-08 17:07 [PATCH bpf-next] bpf: Silence Coverity warning for find_kfunc_desc_btf Kumar Kartikeya Dwivedi
2021-10-08 20:39 ` Andrii Nakryiko
2021-10-08 22:27 ` [PATCH bpf-next v2] " Kumar Kartikeya Dwivedi
2021-10-09 4:09 ` [PATCH bpf-next v3] " Kumar Kartikeya Dwivedi
2021-10-20 16:57 ` Andrii Nakryiko [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAEf4BzZe+VW+hRMOZpR3ZyRs_6TuTQRXN4tinwnq8krrVt2gOw@mail.gmail.com \
--to=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=memxor@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.