lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <444267200b59241e9da104eab8af2d7189aa401005887a2cd0128cd6aeda98e2@mail.kernel.org>
Date: Fri,  6 Feb 2026 12:51:36 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: menglong8.dong@...il.com,ast@...nel.org,bjorn@...nel.org
Cc: daniel@...earbox.net,andrii@...nel.org,martin.lau@...ux.dev,eddyz87@...il.com,song@...nel.org,yonghong.song@...ux.dev,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org,pulehui@...wei.com,puranjay@...nel.org,pjw@...nel.org,palmer@...belt.com,aou@...s.berkeley.edu,alex@...ti.fr,bpf@...r.kernel.org,linux-riscv@...ts.infradead.org,linux-kernel@...r.kernel.org,jiang.biao@...ux.dev,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH bpf-next v3 2/3] bpf, riscv: add fsession support for trampolines

> diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
> --- a/arch/riscv/net/bpf_jit_comp64.c
> +++ b/arch/riscv/net/bpf_jit_comp64.c

[ ... ]

> +static int invoke_bpf(struct bpf_tramp_links *tl, int args_off, int retval_off,
> +		      int run_ctx_off, int func_meta_off, bool save_ret, u64 func_meta,
> +		      int cookie_off, struct rv_jit_context *ctx)
> +{
> +	int i, cur_cookie = (cookie_off - args_off) / 8;
> +
> +	for (i = 0; i < tl->nr_links; i++) {
> +		int err;
> +
> +		if (bpf_prog_calls_session_cookie(&tl->links[i])) {
                                                ^^^^^^^^^^^^^^

Should this be tl->links[i] instead of &tl->links[i]?

The function bpf_prog_calls_session_cookie() expects a struct bpf_tramp_link
pointer, but tl->links is an array of pointers, so tl->links[i] is already
a struct bpf_tramp_link pointer. The extra & passes a pointer-to-pointer.

For comparison, arm64 uses:

    if (bpf_prog_calls_session_cookie(fentry->links[i]))

And include/linux/bpf.h uses:

    if (bpf_prog_calls_session_cookie(fentries.links[i]))

Both without the &.

> +			u64 meta = func_meta | ((u64)cur_cookie << BPF_TRAMP_COOKIE_INDEX_SHIFT);
> +
> +			emit_store_stack_imm64(RV_REG_T1, -func_meta_off, meta, ctx);
> +			cur_cookie--;
> +		}
> +		err = invoke_bpf_prog(tl->links[i], args_off, retval_off, run_ctx_off,
> +				      save_ret, ctx);

Note that invoke_bpf_prog() correctly uses tl->links[i] without the &.


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21750727924

AI-authorship-score: low
AI-authorship-explanation: The code follows kernel conventions and has been reviewed by maintainers with acked-by tags, indicating human authorship.
issues-found: 1
issue-severity-score: high
issue-severity-explanation: Wrong pointer type passed to bpf_prog_calls_session_cookie() will cause undefined behavior when accessing session cookie state, breaking fsession functionality on RISC-V.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ