Hello:

This series was applied to bpf/bpf.git (master)
by Martin KaFai Lau <martin.lau@xxxxxxxxxx>:

On Thu, 22 Dec 2022 10:44:13 +0800 you wrote:
> After befae75856ab, the verifier would propagate null information after
> JEQ/JNE, e.g., if two pointers, one is maybe_null and the other is not,
> the former would be marked as non-null in eq path. However, as comment
> "PTR_TO_BTF_ID points to a kernel struct that does not need to be null
> checked by the BPF program ... The verifier must keep this in mind and
> can make no assumptions about null or non-null when doing branch ...".
> If one pointer is maybe_null and the other is PTR_TO_BTF, the former is
> incorrectly marked non-null. The following BPF prog can trigger a
> null-ptr-deref, also see this report for more details[1]:
>
> [...]

Here is the summary with links:
  - [bpf-next,v3,1/2] bpf: fix nullness propagation for reg to reg comparisons
    https://git.kernel.org/bpf/bpf/c/8374bfd5a3c9
  - [bpf-next,v3,2/2] selftests/bpf: check null propagation only neither reg is PTR_TO_BTF_ID
    https://git.kernel.org/bpf/bpf/c/cedebd74cf38

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html