Commit 0af02eb2 authored May 17, 2021 by Florent Revest Committed by Daniel Borkmann May 20, 2021

bpf: Avoid using ARRAY_SIZE on an uninitialized pointer



The cppcheck static code analysis reported the following error:

    if (WARN_ON_ONCE(nest_level > ARRAY_SIZE(bufs->tmp_bufs))) {
                                             ^
ARRAY_SIZE is a macro that expands to sizeofs, so bufs is not actually
dereferenced at runtime, and the code is actually safe. But to keep
things tidy, this patch removes the need for a call to ARRAY_SIZE by
extracting the size of the array into a macro. Cppcheck should no longer
be confused and the code ends up being a bit cleaner.

Fixes: e2d5b2bb ("bpf: Fix nested bpf_bprintf_prepare with more per-cpu buffers")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Florent Revest <revest@chromium.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/bpf/20210517092830.1026418-2-revest@chromium.org

parent 8afcc19f

kernel/bpf/helpers.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -698,8 +698,9 @@ static int bpf_trace_copy_string(char buf, void unsafe_ptr, char fmt_ptype,
		#define MAX_BPRINTF_BUF_LEN 512

		/* Support executing three nested bprintf helper calls on a given CPU */
		#define MAX_BPRINTF_NEST_LEVEL 3
		struct bpf_bprintf_buffers {
		char tmp_bufs[3][MAX_BPRINTF_BUF_LEN];
		char tmp_bufs[MAX_BPRINTF_NEST_LEVEL][MAX_BPRINTF_BUF_LEN];
		};
		static DEFINE_PER_CPU(struct bpf_bprintf_buffers, bpf_bprintf_bufs);
		static DEFINE_PER_CPU(int, bpf_bprintf_nest_level);
		@@ -711,7 +712,7 @@ static int try_get_fmt_tmp_buf(char **tmp_buf)

		preempt_disable();
		nest_level = this_cpu_inc_return(bpf_bprintf_nest_level);
		if (WARN_ON_ONCE(nest_level > ARRAY_SIZE(bufs->tmp_bufs))) {
		if (WARN_ON_ONCE(nest_level > MAX_BPRINTF_NEST_LEVEL)) {
		this_cpu_dec(bpf_bprintf_nest_level);
		preempt_enable();
		return -EBUSY;