On Fri, Sep 6, 2024 at 6:56 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> Both bpf_strtol() and bpf_strtoul() helpers passed a temporary "long long"
> respectively "unsigned long long" to __bpf_strtoll() / __bpf_strtoull().
>
> Later, the result was checked for truncation via _res != ({unsigned,} long)_res
> as the destination buffer for the BPF helpers was of type {unsigned,} long
> which is 32bit on 32bit architectures.
>
> Given the latter was a bug in the helper signatures where the destination buffer
> got adjusted to {s,u}64, the truncation check can now be removed.
>
> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> ---
> v3 -> v4:
> - added patch
>
Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> kernel/bpf/helpers.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 0cf42be52890..5404bb964d83 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -526,8 +526,6 @@ BPF_CALL_4(bpf_strtol, const char *, buf, size_t, buf_len, u64, flags,
> err = __bpf_strtoll(buf, buf_len, flags, &_res);
> if (err < 0)
> return err;
> - if (_res != (long)_res)
> - return -ERANGE;
> *res = _res;
> return err;
> }
> @@ -554,8 +552,6 @@ BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags,
> return err;
> if (is_negative)
> return -EINVAL;
> - if (_res != (unsigned long)_res)
> - return -ERANGE;
> *res = _res;
> return err;
> }
> --
> 2.43.0
>
