* [PATCH bpf-next] bpf: fix static checker warning
@ 2019-11-26 23:01 Alexei Starovoitov
2019-11-27 0:07 ` Daniel Borkmann
0 siblings, 1 reply; 2+ messages in thread
From: Alexei Starovoitov @ 2019-11-26 23:01 UTC (permalink / raw)
To: davem; +Cc: daniel, dan.carpenter, netdev, bpf, kernel-team
kernel/bpf/btf.c:4023 btf_distill_func_proto()
error: potentially dereferencing uninitialized 't'.
kernel/bpf/btf.c
4012 nargs = btf_type_vlen(func);
4013 if (nargs >= MAX_BPF_FUNC_ARGS) {
4014 bpf_log(log,
4015 "The function %s has %d arguments. Too many.\n",
4016 tname, nargs);
4017 return -EINVAL;
4018 }
4019 ret = __get_type_size(btf, func->type, &t);
^^
t isn't initialized for the first -EINVAL return
This is unlikely path, since BTF should have been validated at this point.
Fix it by returning 'void' BTF.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
---
kernel/bpf/btf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 40efde5eedcb..bd5e11881ba3 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -3976,8 +3976,10 @@ static int __get_type_size(struct btf *btf, u32 btf_id,
t = btf_type_by_id(btf, btf_id);
while (t && btf_type_is_modifier(t))
t = btf_type_by_id(btf, t->type);
- if (!t)
+ if (!t) {
+ *bad_type = btf->types[0];
return -EINVAL;
+ }
if (btf_type_is_ptr(t))
/* kernel size of pointer. Not BPF's size of pointer*/
return sizeof(void *);
--
2.23.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH bpf-next] bpf: fix static checker warning
2019-11-26 23:01 [PATCH bpf-next] bpf: fix static checker warning Alexei Starovoitov
@ 2019-11-27 0:07 ` Daniel Borkmann
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Borkmann @ 2019-11-27 0:07 UTC (permalink / raw)
To: Alexei Starovoitov, davem; +Cc: dan.carpenter, netdev, bpf, kernel-team
On 11/27/19 12:01 AM, Alexei Starovoitov wrote:
> kernel/bpf/btf.c:4023 btf_distill_func_proto()
> error: potentially dereferencing uninitialized 't'.
>
> kernel/bpf/btf.c
> 4012 nargs = btf_type_vlen(func);
> 4013 if (nargs >= MAX_BPF_FUNC_ARGS) {
> 4014 bpf_log(log,
> 4015 "The function %s has %d arguments. Too many.\n",
> 4016 tname, nargs);
> 4017 return -EINVAL;
> 4018 }
> 4019 ret = __get_type_size(btf, func->type, &t);
> ^^
> t isn't initialized for the first -EINVAL return
>
> This is unlikely path, since BTF should have been validated at this point.
> Fix it by returning 'void' BTF.
>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Applied, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-11-27 0:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-26 23:01 [PATCH bpf-next] bpf: fix static checker warning Alexei Starovoitov
2019-11-27 0:07 ` Daniel Borkmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).