> For the case where offset + len == size, bpf_xdp_pointer should return a
> valid pointer to the addr because that access is permitted. We should
> only return NULL in the case where offset + len exceeds size.
>
> Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> Signed-off-by: Joanne Koong <joannelkoong@xxxxxxxxx>
> ---
> net/core/filter.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 289614887ed5..4307a75eeb4c 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
> offset -= frag_size;
> }
> out:
> - return offset + len < size ? addr + offset : NULL;
> + return offset + len <= size ? addr + offset : NULL;
> }
>
> BPF_CALL_4(bpf_xdp_load_bytes, struct xdp_buff *, xdp, u32, offset,
> --
> 2.30.2
>
Acked-by: Lorenzo Bianconi <lorenzo@xxxxxxxxxx>
Attachment:
signature.asc
Description: PGP signature
