| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251001142127.37559-1-suchitkarunakaran@gmail.com>
Date: Wed, 1 Oct 2025 19:51:26 +0530
From: Suchit Karunakaran <suchitkarunakaran@...il.com>
To: ast@...nel.org,
daniel@...earbox.net,
john.fastabend@...il.com,
andrii@...nel.org,
martin.lau@...ux.dev,
eddyz87@...il.com,
song@...nel.org,
yonghong.song@...ux.dev,
kpsingh@...nel.org,
sdf@...ichev.me,
haoluo@...gle.com,
jolsa@...nel.org,
bpf@...r.kernel.org
Cc: skhan@...uxfoundation.org,
linux-kernel@...r.kernel.org
Subject: verifier: should we handle mark_chain_precision return value properly in loop_flag_is_zero?
Hi folks,
While going through the verifier code, I noticed that the integer return value of mark_chain_precision() is ignored within loop_flag_is_zero().
static bool loop_flag_is_zero(struct bpf_verifier_env *env)
{
struct bpf_reg_state *regs = cur_regs(env);
struct bpf_reg_state *reg = ®s[BPF_REG_4];
bool reg_is_null = register_is_null(reg);
if (reg_is_null)
mark_chain_precision(env, BPF_REG_4);
return reg_is_null;
}
My question is:
Is this behavior intentional (i.e., errors from mark_chain_precision() are safe to ignore here)?
Or should loop_flag_is_zero() propagate the error to update_loop_inline_state() and from there to check_helper_call() function?
I’d appreciate any clarification or suggestions. Apologies if this kind of question isn’t appropriate for the mailing list, I wanted to clarify the intended semantics before attempting a fix.
Thanks,
Suchit Karunakaran
Powered by blists - more mailing lists