| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250905051814.291254-1-hoyeon.lee@suse.com>
Date: Fri, 5 Sep 2025 14:18:11 +0900
From: Hoyeon Lee <hoyeon.lee@...e.com>
To:
Cc: netdev@...r.kernel.org,
Hoyeon Lee <hoyeon.lee@...e.com>,
Andrii Nakryiko <andrii@...nel.org>,
Eduard Zingerman <eddyz87@...il.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>,
Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <nick.desaulniers+lkml@...il.com>,
Bill Wendling <morbo@...gle.com>,
Justin Stitt <justinstitt@...gle.com>,
bpf@...r.kernel.org (open list:BPF [LIBRARY] (libbpf)),
linux-kernel@...r.kernel.org (open list),
llvm@...ts.linux.dev (open list:CLANG/LLVM BUILD SUPPORT:Keyword:\b(?i:clang|llvm)\b)
Subject: [RFC bpf-next v2 0/1] libbpf: add compile-time OOB warning to bpf_tail_call_static
This RFC adds a compile-time check to bpf_tail_call_static() to warn
when a constant slot(index) is >= map->max_entries. This uses a small
BPF_MAP_ENTRIES() macro together with Clang's diagnose_if attribute.
Clang front-end keeps the map type with a '(*max_entries)[N]' field,
so the expression
sizeof(*(m)->max_entries) / sizeof(**(m)->max_entries)
is resolved to N entirely at compile time. This allows diagnose_if()
to emit a warning when a constant slot index is out of range.
Example:
struct { /* BPF_MAP_TYPE_PROG_ARRAY = 3 */
__uint(type, 3); // int (*type)[3];
__uint(max_entries, 100); // int (*max_entries)[100];
__type(key, __u32); // typeof(__u32) *key;
__type(value, __u32); // typeof(__u32) *value;
} progs SEC(".maps");
bpf_tail_call_static(ctx, &progs, 111);
produces:
bound.bpf.c:26:9: warning: bpf_tail_call: slot >= max_entries [-Wuser-defined-warnings]
26 | bpf_tail_call_static(ctx, &progs, 111);
| ^
/usr/local/include/bpf/bpf_helpers.h:190:54: note: expanded from macro 'bpf_tail_call_static'
190 | __bpf_tail_call_warn(__slot >= BPF_MAP_ENTRIES(map)); \
| ^
/usr/local/include/bpf/bpf_helpers.h:183:20: note: from 'diagnose_if' attribute on '__bpf_tail_call_warn':
183 | __attribute__((diagnose_if(oob, "bpf_tail_call: slot >= max_entries", "warning")));
| ^ ~~~
Out-of-bounds tail call checkup is no-ops at runtime. Emitting a
compile-time warning can help developers detect mistakes earlier. The
check is currently limited to Clang (due to diagnose_if) and constant
indices, but should catch common errors.
---
Changes in V2:
- add function definition for __bpf_tail_call_warn for compile error
Hoyeon Lee (1):
libbpf: add compile-time OOB warning to bpf_tail_call_static
tools/lib/bpf/bpf_helpers.h | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
--
2.51.0
Powered by blists - more mailing lists