On 10/11/20 12:02 AM, Andrii Nakryiko wrote:
On Sat, Oct 10, 2020 at 1:54 PM Daniel Borkmann <[email protected]> wrote:
[...]
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index f3e36eade3d4..d578875df1ad 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -11049,6 +11049,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) if (insn->imm == BPF_FUNC_map_lookup_elem && ops->map_gen_lookup) { cnt = ops->map_gen_lookup(map_ptr, insn_buf); + if (cnt < 0) + goto patch_map_ops_generic;

but now any reported error will be silently skipped. The logic should be:

    if (cnt == -EOPNOTSUPP)
        goto patch_map_ops_generic;
    if (cnt <= 0 || cnt >= ARRAY_SIZE(insn_buf))
        verbose(env, "bpf verifier is misconfigured\n");

This way only -EOPNOTSUPP is silently skipped, all other cases where error is returned, cnt == 0, or cnt is too big would be reported as error.
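
Review bot: the `if (cnt < 0)` check added right after the `ops->map_gen_lookup(map_ptr, insn_buf)` call sends every negative return to `patch_map_ops_generic`, so a genuine failure inside a map's gen_lookup callback cannot be told apart from "inline lookup not available" and is never logged by the verifier. Consider taking the fallback branch on one dedicated errno only and leaving all other negative values on the error path. A short comment stating which return value means "use the generic call" would also help, since nothing in the hunk documents that contract for `map_gen_lookup` implementers.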
Fair enough, I might have misunderstood earlier mail, but agree, that one is more robust overall. Fixed.

Thanks,
Daniel
