On Thu, Dec 20, 2018 at 01:45:56PM -0600, Kangjie Lu wrote: > check_reg_arg() may fail and not mark correct data in "env". This > fix inserts a check that ensures check_reg_arg() is successful, and > if it is not, the fix stops further operations and returns an error > upstream. > > Signed-off-by: Kangjie Lu <k...@umn.edu> > --- > kernel/bpf/verifier.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 51ba84d4d34a..ced8cc6470b1 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -2619,7 +2619,9 @@ static int check_func_call(struct bpf_verifier_env > *env, struct bpf_insn *insn, > /* after the call registers r0 - r5 were scratched */ > for (i = 0; i < CALLER_SAVED_REGS; i++) { > mark_reg_not_init(env, caller->regs, caller_saved[i]); > - check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK); > + err = check_reg_arg(env, caller_saved[i], DST_OP_NO_MARK); > + if (err) > + return err;
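Review bot: the commit message asserts that check_reg_arg() "may fail" on this path but never says how; the loop iterates over caller_saved[], which (per the context comment "after the call registers r0 - r5 were scratched") holds the fixed register numbers r0 to r5, so the register index passed to check_reg_arg() is always a valid one and the added `if (err) return err;` is a return path the visible code cannot take. Either the commit message should name the concrete condition under which check_reg_arg() returns an error for these registers with DST_OP_NO_MARK, or the change should be dropped as dead error handling. A smaller point: the hunk assigns to `err` but its declaration is not in the shown context; if the patch is kept, confirm `err` is the existing local in check_func_call() rather than a new variable that would need declaring.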
It cannot fail here. We have the same pattern in a few other places where we know it cannot fail. I prefer to leave the code as-is.