Re: [bug report] selftest: bpf: Test bpf_sk_assign_tcp_reqsk().

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
Date: Mon, 19 Aug 2024 12:07:04 -0700
> > >     488         mssind = (cookie & (3 << 6)) >> 6;
> > >     489         if (ctx->ipv4) {
> > >     490                 if (mssind > ARRAY_SIZE(msstab4))
> > >                                    ^
> > > Should be >= instead of >.
> > > 
> > >     491                         goto err;
> > >     492 
> > > --> 493                 ctx->attrs.mss = msstab4[mssind];
> > >     494         } else {
> > >     495                 if (mssind > ARRAY_SIZE(msstab6))
> >                                      ^
> > 
> > Here too, I guess.
> 
> Thanks for reporting.
> 
> Will fix it.
> 
> But I'm curious why BPF verifier couldn't catch it.

Ok, this off-by-one report is false-positive as the test has

  mssind = (cookie & (3 << 6)) >> 6;

and the following (mssind > ARRAY_SIZE()) is just to make verifier happy.
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux