[bug report] bpf: btf: Check members of struct/union


 



Hello Martin KaFai Lau,

Commit 179cde8cef7e ("bpf: btf: Check members of struct/union") from
Apr 18, 2018 (linux-next), leads to the following Smatch static
checker warning:

	./kernel/bpf/btf.c:2893 btf_array_check_member()
	error: uninitialized symbol 'array_size'.

./kernel/bpf/btf.c
    2873 static int btf_array_check_member(struct btf_verifier_env *env,
    2874                                   const struct btf_type *struct_type,
    2875                                   const struct btf_member *member,
    2876                                   const struct btf_type *member_type)
    2877 {
    2878         u32 struct_bits_off = member->offset;
    2879         u32 struct_size, bytes_offset;
    2880         u32 array_type_id, array_size;
    2881         struct btf *btf = env->btf;
    2882 
    2883         if (BITS_PER_BYTE_MASKED(struct_bits_off)) {
    2884                 btf_verifier_log_member(env, struct_type, member,
    2885                                         "Member is not byte aligned");
    2886                 return -EINVAL;
    2887         }
    2888 
    2889         array_type_id = member->type;
    2890         btf_type_id_size(btf, &array_type_id, &array_size);

Potentially this is a false positive and btf_type_id_size() can't fail.  But
we're in a check function so intuitively, it feels like we should check for
errors.

Anyway, just let me know if it's a false positive.  These warnings are a one
time thing but it's nice to have the information on lore in case someone is
curious.

    2891         struct_size = struct_type->size;
    2892         bytes_offset = BITS_ROUNDDOWN_BYTES(struct_bits_off);
--> 2893         if (struct_size - bytes_offset < array_size) {
    2894                 btf_verifier_log_member(env, struct_type, member,
    2895                                         "Member exceeds struct_size");
    2896                 return -EINVAL;
    2897         }
    2898 
    2899         return 0;
    2900 }

regards,
dan carpenter
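
Added example, not part of the original message and not kernel code: a stand-alone C model of the pattern the warning is about, where a size lookup fills its out-parameter only on success and the caller checks the result before reading it. The names type_table, type_id_size, array_check_member and the sample table are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a type table: byte size per type id, 0 = unresolved. */
struct type_table {
	const uint32_t *sizes;
	uint32_t nr_types;
};

static const uint32_t sample_sizes[] = { 0, 4, 16 };	/* constructed sample data */
static const struct type_table sample = { sample_sizes, 3 };

/*
 * Hypothetical lookup: writes *size only on success and reports failure
 * through a NULL return, so *size stays untouched on the error path.
 */
static const uint32_t *type_id_size(const struct type_table *t, uint32_t id,
				    uint32_t *size)
{
	if (id >= t->nr_types || t->sizes[id] == 0)
		return NULL;
	*size = t->sizes[id];
	return &t->sizes[id];
}

/* Member check that never reads array_size unless the lookup succeeded. */
static int array_check_member(const struct type_table *t, uint32_t struct_size,
			      uint32_t struct_bits_off, uint32_t member_type_id)
{
	uint32_t array_size, bytes_offset;

	if (struct_bits_off % 8)
		return -EINVAL;		/* member is not byte aligned */

	if (!type_id_size(t, member_type_id, &array_size))
		return -EINVAL;		/* lookup failed, array_size is unset */

	bytes_offset = struct_bits_off / 8;
	/* This model also guards the unsigned subtraction against wrapping. */
	if (bytes_offset > struct_size ||
	    struct_size - bytes_offset < array_size)
		return -EINVAL;		/* member exceeds struct_size */

	return 0;
}
```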



