diff mbox series

[bpf-next,v1,1/1] bpf: Fix bpf_xdp_pointer return pointer

Message ID 20220722220105.2065466-1-joannelkoong@gmail.com (mailing list archive)
State Accepted
Commit bbd52178e249fe893ef4a9b87cde5b6c473b0a7c
Delegated to: BPF
Headers show
Series [bpf-next,v1,1/1] bpf: Fix bpf_xdp_pointer return pointer | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 23 this patch: 23
netdev/cc_maintainers fail 3 blamed authors not CCed: john.fastabend@gmail.com toke@redhat.com echaudro@redhat.com; 16 maintainers not CCed: davem@davemloft.net song@kernel.org jolsa@kernel.org netdev@vger.kernel.org martin.lau@linux.dev john.fastabend@gmail.com hawk@kernel.org toke@redhat.com echaudro@redhat.com yhs@fb.com sdf@google.com pabeni@redhat.com kpsingh@kernel.org haoluo@google.com edumazet@google.com kuba@kernel.org
netdev/build_clang success Errors and warnings before: 6 this patch: 6
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 23 this patch: 23
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-VM_Test-1 success Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Kernel LATEST on ubuntu-latest with llvm-15

Commit Message

Joanne Koong July 22, 2022, 10:01 p.m. UTC 
For the case where offset + len == size, bpf_xdp_pointer should return a
valid pointer to the addr because that access is permitted. We should
only return NULL in the case where offset + len exceeds size.

Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
---
 net/core/filter.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Martin KaFai Lau July 25, 2022, 8:16 p.m. UTC | #1 
On Fri, Jul 22, 2022 at 03:01:05PM -0700, Joanne Koong wrote:
> For the case where offset + len == size, bpf_xdp_pointer should return a
> valid pointer to the addr because that access is permitted. We should
> only return NULL in the case where offset + len exceeds size.
> 
> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
> ---
>  net/core/filter.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 289614887ed5..4307a75eeb4c 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
>  		offset -= frag_size;
>  	}
>  out:
> -	return offset + len < size ? addr + offset : NULL;
> +	return offset + len <= size ? addr + offset : NULL;
This fix should be for the bpf tree.

Acked-by: Martin KaFai Lau <kafai@fb.com>
Lorenzo Bianconi July 25, 2022, 9:28 p.m. UTC | #2 
> For the case where offset + len == size, bpf_xdp_pointer should return a
> valid pointer to the addr because that access is permitted. We should
> only return NULL in the case where offset + len exceeds size.
> 
> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
> ---
>  net/core/filter.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 289614887ed5..4307a75eeb4c 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
>  		offset -= frag_size;
>  	}
>  out:
> -	return offset + len < size ? addr + offset : NULL;
> +	return offset + len <= size ? addr + offset : NULL;
>  }
>  
>  BPF_CALL_4(bpf_xdp_load_bytes, struct xdp_buff *, xdp, u32, offset,
> -- 
> 2.30.2
> 

Acked-by: Lorenzo Bianconi <lorenzo@kernel.org>
Joanne Koong July 25, 2022, 9:55 p.m. UTC | #3 
On Mon, Jul 25, 2022 at 1:17 PM Martin KaFai Lau <kafai@fb.com> wrote:
>
> On Fri, Jul 22, 2022 at 03:01:05PM -0700, Joanne Koong wrote:
> > For the case where offset + len == size, bpf_xdp_pointer should return a
> > valid pointer to the addr because that access is permitted. We should
> > only return NULL in the case where offset + len exceeds size.
> >
> > Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> > Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
> > ---
> >  net/core/filter.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 289614887ed5..4307a75eeb4c 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
> >               offset -= frag_size;
> >       }
> >  out:
> > -     return offset + len < size ? addr + offset : NULL;
> > +     return offset + len <= size ? addr + offset : NULL;
> This fix should be for the bpf tree.
Ah I see. To confirm my understanding, fixes should always go to the
bpf tree (unless it's fixing a patch that only resides in the bpf-next
tree), correct?
>
> Acked-by: Martin KaFai Lau <kafai@fb.com>
Daniel Borkmann July 26, 2022, 11:19 a.m. UTC | #4 
On 7/25/22 11:55 PM, Joanne Koong wrote:
> On Mon, Jul 25, 2022 at 1:17 PM Martin KaFai Lau <kafai@fb.com> wrote:
>>
>> On Fri, Jul 22, 2022 at 03:01:05PM -0700, Joanne Koong wrote:
>>> For the case where offset + len == size, bpf_xdp_pointer should return a
>>> valid pointer to the addr because that access is permitted. We should
>>> only return NULL in the case where offset + len exceeds size.
>>>
>>> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
>>> Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
>>> ---
>>>   net/core/filter.c | 2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/net/core/filter.c b/net/core/filter.c
>>> index 289614887ed5..4307a75eeb4c 100644
>>> --- a/net/core/filter.c
>>> +++ b/net/core/filter.c
>>> @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
>>>                offset -= frag_size;
>>>        }
>>>   out:
>>> -     return offset + len < size ? addr + offset : NULL;
>>> +     return offset + len <= size ? addr + offset : NULL;
>> This fix should be for the bpf tree.
> Ah I see. To confirm my understanding, fixes should always go to the
> bpf tree (unless it's fixing a patch that only resides in the bpf-next
> tree), correct?

Yes, correct. Given we're really late in the cycle with rc8 my preference is to
only queue really urgent fixes to bpf tree at this point. This one I just took
to bpf-next given merge window is opening this Sun, thus this will go to Linus'
tree with just few days offset anyway.

Thanks,
Daniel
patchwork-bot+netdevbpf@kernel.org July 26, 2022, 11:20 a.m. UTC | #5 
Hello:

This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <daniel@iogearbox.net>:

On Fri, 22 Jul 2022 15:01:05 -0700 you wrote:
> For the case where offset + len == size, bpf_xdp_pointer should return a
> valid pointer to the addr because that access is permitted. We should
> only return NULL in the case where offset + len exceeds size.
> 
> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
> 
> [...]

Here is the summary with links:
  - [bpf-next,v1,1/1] bpf: Fix bpf_xdp_pointer return pointer
    https://git.kernel.org/bpf/bpf-next/c/bbd52178e249

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/core/filter.c b/net/core/filter.c
index 289614887ed5..4307a75eeb4c 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3918,7 +3918,7 @@  static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
 		offset -= frag_size;
 	}
 out:
-	return offset + len < size ? addr + offset : NULL;
+	return offset + len <= size ? addr + offset : NULL;
 }
 
 BPF_CALL_4(bpf_xdp_load_bytes, struct xdp_buff *, xdp, u32, offset,