bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (6adaeae6) · Commits · EulixOS / Software / Kernel

kernel/bpf/helpers.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -521,6 +521,7 @@ BPF_CALL_4(bpf_strtol, const char *, buf, size_t, buf_len, u64, flags,
		long long _res;
		int err;

		*res = 0;
		err = __bpf_strtoll(buf, buf_len, flags, &_res);
		if (err < 0)
		return err;
		@@ -547,6 +548,7 @@ BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags,
		bool is_negative;
		int err;

		*res = 0;
		err = __bpf_strtoull(buf, buf_len, flags, &_res, &is_negative);
		if (err < 0)
		return err;

kernel/bpf/syscall.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -5688,6 +5688,7 @@ static const struct bpf_func_proto bpf_sys_close_proto = {

		BPF_CALL_4(bpf_kallsyms_lookup_name, const char , name, int, name_sz, int, flags, u64 , res)
		{
		*res = 0;
		if (flags)
		return -EINVAL;

net/core/filter.c

+23 −21

Original line number	Diff line number	Diff line
		@@ -6290,20 +6290,25 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb,
		int ret = BPF_MTU_CHK_RET_FRAG_NEEDED;
		struct net_device *dev = skb->dev;
		int skb_len, dev_len;
		int mtu;
		int mtu = 0;

		if (unlikely(flags & ~(BPF_MTU_CHK_SEGS)))
		return -EINVAL;
		if (unlikely(flags & ~(BPF_MTU_CHK_SEGS))) {
		ret = -EINVAL;
		goto out;
		}

		if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff \|\| *mtu_len)))
		return -EINVAL;
		if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff \|\| *mtu_len))) {
		ret = -EINVAL;
		goto out;
		}

		dev = __dev_via_ifindex(dev, ifindex);
		if (unlikely(!dev))
		return -ENODEV;
		if (unlikely(!dev)) {
		ret = -ENODEV;
		goto out;
		}

		mtu = READ_ONCE(dev->mtu);

		dev_len = mtu + dev->hard_header_len;

		/* If set use mtu_len as input, L3 as iph->tot_len (like fib_lookup) /
		@@ -6321,15 +6326,12 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb,
		*/
		if (skb_is_gso(skb)) {
		ret = BPF_MTU_CHK_RET_SUCCESS;

		if (flags & BPF_MTU_CHK_SEGS &&
		!skb_gso_validate_network_len(skb, mtu))
		ret = BPF_MTU_CHK_RET_SEGS_TOOBIG;
		}
		out:
		/* BPF verifier guarantees valid pointer */
		*mtu_len = mtu;

		return ret;
		}

		@@ -6339,19 +6341,21 @@ BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp,
		struct net_device *dev = xdp->rxq->dev;
		int xdp_len = xdp->data_end - xdp->data;
		int ret = BPF_MTU_CHK_RET_SUCCESS;
		int mtu, dev_len;
		int mtu = 0, dev_len;

		/* XDP variant doesn't support multi-buffer segment check (yet) */
		if (unlikely(flags))
		return -EINVAL;
		if (unlikely(flags)) {
		ret = -EINVAL;
		goto out;
		}

		dev = __dev_via_ifindex(dev, ifindex);
		if (unlikely(!dev))
		return -ENODEV;
		if (unlikely(!dev)) {
		ret = -ENODEV;
		goto out;
		}

		mtu = READ_ONCE(dev->mtu);

		/* Add L2-header as dev MTU is L3 size */
		dev_len = mtu + dev->hard_header_len;

		/* Use mtu_len as input, L3 as iph->tot_len (like fib_lookup) /
		@@ -6361,10 +6365,8 @@ BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp,
		xdp_len += len_diff; /* minus result pass check */
		if (xdp_len > dev_len)
		ret = BPF_MTU_CHK_RET_FRAG_NEEDED;

		/* BPF verifier guarantees valid pointer */
		out:
		*mtu_len = mtu;

		return ret;
		}