diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2023-03-22 16:25:02 -0700 |
|---|---|---|
| committer | Martin KaFai Lau <martin.lau@kernel.org> | 2023-03-22 17:04:47 -0700 |
| commit | b63cbc490e18d893632929b8faa55bb28da3fcd4 (patch) | |
| tree | a6d2301d8bfc328cd8671bc3211998ab4c128629 /kernel/bpf | |
| parent | 1a3148fc171f5cde11b4c24e808a953ff725a3e2 (diff) | |
| download | linux-b63cbc490e18d893632929b8faa55bb28da3fcd4.tar.gz linux-b63cbc490e18d893632929b8faa55bb28da3fcd4.tar.bz2 linux-b63cbc490e18d893632929b8faa55bb28da3fcd4.zip | |
bpf: remember meta->iter info only for initialized iters
For iter_new() functions iterator state's slot might not be yet
initialized, in which case iter_get_spi() will return -ERANGE. This is
expected and is handled properly. But for iter_next() and iter_destroy()
cases iter slot is supposed to be initialized and correct, so -ERANGE is
not possible.
Move meta->iter.{spi,frameno} initialization into iter_next/iter_destroy
handling branch to make it more explicit that valid information will be
remembered in meta->iter block for subsequent use in process_iter_next_call(),
avoiding confusingly looking -ERANGE assignment for meta->iter.spi.
Reported-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20230322232502.836171-1-andrii@kernel.org
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'kernel/bpf')
| -rw-r--r-- | kernel/bpf/verifier.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index fd2f216de920..64f06f6e16bf 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -6778,13 +6778,6 @@ static int process_iter_arg(struct bpf_verifier_env *env, int regno, int insn_id t = btf_type_skip_modifiers(meta->btf, t->type, &btf_id); /* STRUCT */ nr_slots = t->size / BPF_REG_SIZE; - spi = iter_get_spi(env, reg, nr_slots); - if (spi < 0 && spi != -ERANGE) - return spi; - - meta->iter.spi = spi; - meta->iter.frameno = reg->frameno; - if (is_iter_new_kfunc(meta)) { /* bpf_iter_<type>_new() expects pointer to uninit iter state */ if (!is_iter_reg_valid_uninit(env, reg, nr_slots)) { @@ -6811,10 +6804,17 @@ static int process_iter_arg(struct bpf_verifier_env *env, int regno, int insn_id return -EINVAL; } + spi = iter_get_spi(env, reg, nr_slots); + if (spi < 0) + return spi; + err = mark_iter_read(env, reg, spi, nr_slots); if (err) return err; + /* remember meta->iter info for process_iter_next_call() */ + meta->iter.spi = spi; + meta->iter.frameno = reg->frameno; meta->ref_obj_id = iter_ref_obj_id(env, reg, spi); if (is_iter_destroy_kfunc(meta)) { |