[PATCH bpf-next v2] bpf: Fix resetting logic for unreferenced kptrs

Sparse reported a warning at bpf_map_free_kptrs()

"warning: Using plain integer as NULL pointer"

During the process of fixing this warning,
it was discovered that the current code
erroneously writes to the pointer variable
instead of dereferencing and writing to the actual kptr.
Hence, the Sparse tool accidentally helped to uncover this problem.

Fix this by doing WRITE_ONCE(*p, 0) instead of WRITE_ONCE(p, 0).

Note that the effect of this bug is that
unreferenced kptrs will not be cleared during check_and_free_fields.
It is not a problem if the clearing is not done during map_free stage,
as there is nothing to free for them.

Signed-off-by: Jules Irenge <jbi.octave@xxxxxxxxx>
---
Changes in v2:
 - Make commit message clearer
 - Change commit headline
   from Fixes: 14a324f6a67e ("bpf: Wire up freeing of referenced kptr")
   to bpf: Fix resetting logic for unreferenced kptrs

 kernel/bpf/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 27760627370d..f798acd43a28 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -598,7 +598,7 @@ void bpf_map_free_kptrs(struct bpf_map *map, void *map_value)
 		if (off_desc->type == BPF_KPTR_UNREF) {
 			u64 *p = (u64 *)btf_id_ptr;
 
-			WRITE_ONCE(p, 0);
+			WRITE_ONCE(*p, 0);
 			continue;
 		}
 		old_ptr = xchg(btf_id_ptr, 0);
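
Review bot: the `WRITE_ONCE(*p, 0)` store in the BPF_KPTR_UNREF branch is correct, but the commit message only argues that the missed clearing is harmless at the map_free stage, while also saying the effect is that unreferenced kptrs are not cleared during check_and_free_fields. Please state what a stale value in the slot means on that non-map_free path, so stable maintainers can judge whether this needs backporting. The v2 changelog shows the `Fixes:` text was removed from the subject line; if 14a324f6a67e is the commit that introduced the `WRITE_ONCE(p, 0)` line, carry it as a `Fixes:` trailer above the Signed-off-by rather than dropping it. As a style point, the local `u64 *p` exists only for this one store, while the referenced path below operates on `btf_id_ptr` directly with `xchg(btf_id_ptr, 0)`; a short comment saying why the unreferenced case uses a plain 64-bit store instead of the exchange would help the next reader.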
-- 
2.35.1



