On Mon, Jul 25, 2022 at 1:17 PM Martin KaFai Lau <kafai@xxxxxx> wrote:
>
> On Fri, Jul 22, 2022 at 03:01:05PM -0700, Joanne Koong wrote:
> > For the case where offset + len == size, bpf_xdp_pointer should return a
> > valid pointer to the addr because that access is permitted. We should
> > only return NULL in the case where offset + len exceeds size.
> >
> > Fixes: 3f364222d032 ("net: xdp: introduce bpf_xdp_pointer utility routine")
> > Signed-off-by: Joanne Koong <joannelkoong@xxxxxxxxx>
> > ---
> > net/core/filter.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 289614887ed5..4307a75eeb4c 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -3918,7 +3918,7 @@ static void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len)
> > offset -= frag_size;
> > }
> > out:
> > - return offset + len < size ? addr + offset : NULL;
> > + return offset + len <= size ? addr + offset : NULL;
> This fix should be for the bpf tree.
Ah I see. To confirm my understanding, fixes should always go to the
bpf tree (unless it's fixing a patch that only resides in the bpf-next
tree), correct?
>
> Acked-by: Martin KaFai Lau <kafai@xxxxxx>
