On Fri, Jul 22, 2022 at 03:01:05PM -0700, Joanne Koong wrote:
> For the case where offset + len == size, bpf_xdp_pointer should return a
> valid pointer to the addr because that access is permitted. We should
> only return NULL in the case where offset + len exceeds size.
>
> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> Signed-off-by: Joanne Koong <joannelkoong@xxxxxxxxx>
> ---
> net/core/filter.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 289614887ed5..4307a75eeb4c 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
> offset -= frag_size;
> }
> out:
> - return offset + len < size ? addr + offset : NULL;
> + return offset + len <= size ? addr + offset : NULL;
This fix should be for the bpf tree.
Acked-by: Martin KaFai Lau <kafai@xxxxxx>
