Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net
History
Paul Chaignon 6557f1565d bpf: Fix bpf_xdp_store_bytes proto for read-only arg 
While making some maps in Cilium read-only from the BPF side, we noticed
that the bpf_xdp_store_bytes proto is incorrect. In particular, the
verifier was throwing the following error:

  ; ret = ctx_store_bytes(ctx, l3_off + offsetof(struct iphdr, saddr),
                          &nat->address, 4, 0);
  635: (79) r1 = *(u64 *)(r10 -144)     ; R1=ctx() R10=fp0 fp-144=ctx()
  636: (b4) w2 = 26                     ; R2=26
  637: (b4) w4 = 4                      ; R4=4
  638: (b4) w5 = 0                      ; R5=0
  639: (85) call bpf_xdp_store_bytes#190
  write into map forbidden, value_size=6 off=0 size=4

nat comes from a BPF_F_RDONLY_PROG map, so R3 is a PTR_TO_MAP_VALUE.
The verifier checks the helper's memory access to R3 in
check_mem_size_reg, as it reaches ARG_CONST_SIZE argument. The third
argument has expected type ARG_PTR_TO_UNINIT_MEM, which includes the
MEM_WRITE flag. The verifier thus checks for a BPF_WRITE access on R3.
Given R3 points to a read-only map, the check fails.

Conversely, ARG_PTR_TO_UNINIT_MEM can also lead to the helper reading
from uninitialized memory.

This patch simply fixes the expected argument type to match that of
bpf_skb_store_bytes.

Fixes: 3f364222d0 ("net: xdp: introduce bpf_xdp_pointer utility routine")
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Link: https://lore.kernel.org/r/9fa3c9f72d806e82541071c4df88b8cba28ad6a9.1769875479.git.paul.chaignon@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
 		2026-01-31 13:49:43 -08:00
..
6lowpan
9p - fix a bug with O_APPEND in cached mode causing data to be written multiple times on server 2025-12-07 08:29:09 -08:00
802
8021q net: vlan: sync VLAN features with lower device 2025-10-31 17:42:35 -07:00
appletalk net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-27 12:19:08 -08:00
ax25 net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-31 06:46:03 -07:00
bluetooth Bluetooth: MGMT: report BIS capability flags in supported settings 2025-12-19 17:11:27 -05:00
bpf bpf: add fsession support 2026-01-24 18:49:35 -08:00
bridge netfilter pull request nf-26-01-02 2026-01-04 10:59:59 -08:00
caif caif: fix integer underflow in cffrml_receive() 2025-12-11 01:35:41 -08:00
can can: j1939: make j1939_sk_bind() fail if device is no longer registered 2025-12-17 10:47:33 +01:00
ceph libceph: make calc_target() set t->paused, not just clear it 2026-01-06 00:39:43 +01:00
core bpf: Fix bpf_xdp_store_bytes proto for read-only arg 2026-01-31 13:49:43 -08:00
dcb Revert "Documentation: net: add flow control guide and document ethtool API" 2025-10-01 09:48:21 +02:00
devlink tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
dns_resolver net/dns_resolver: use credential guards in dns_query() 2025-11-04 12:36:51 +01:00
dsa net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() 2025-12-23 10:32:08 +01:00
ethernet net: optimize eth_type_trans() vs CONFIG_STACKPROTECTOR_STRONG=y 2025-11-24 19:27:31 -08:00
ethtool ethtool: Avoid overflowing userspace buffer on stats query 2025-12-18 12:24:25 +01:00
handshake net/handshake: Fix null-ptr-deref in handshake_complete() 2025-12-22 12:36:40 +01:00
hsr net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() 2025-12-04 11:15:13 +01:00
ieee802154 net: Convert proto callbacks from sockaddr to sockaddr_unsized 2025-11-04 19:10:33 -08:00
ife
ipv4 bpf, sockmap: Fix FIONREAD for sockmap 2026-01-27 09:11:30 -08:00
ipv6 ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT 2025-12-30 12:04:36 +01:00
iucv net: Remove KMSG_COMPONENT macro 2025-11-28 19:20:27 -08:00
kcm Networking changes for 6.19. 2025-12-03 17:24:33 -08:00
key pfkey: Deprecate pfkey 2025-10-30 09:03:12 +01:00
l2tp l2tp: correct debugfs label for tunnel tx stats 2025-12-01 12:03:09 -08:00
l3mdev
lapb
llc net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
mac80211 wifi: mac80211: collect station statistics earlier when disconnect 2026-01-08 13:33:11 +01:00
mac802154
mctp net: mctp: test: move TX packetqueue from dst to dev 2025-12-01 13:52:13 -08:00
mpls mpls: Drop RTNL for RTM_NEWROUTE, RTM_DELROUTE, and RTM_GETROUTE. 2025-11-03 17:40:54 -08:00
mptcp mptcp: ensure context reset on disconnect() 2025-12-23 09:12:25 +01:00
ncsi
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf after rc5 2026-01-14 15:22:01 -08:00
netlabel
netlink net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
netrom netrom: Fix memory leak in nr_sendmsg() 2025-12-04 11:01:17 +01:00
nfc net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write 2025-12-28 09:15:42 +01:00
nsh
openvswitch net: openvswitch: Avoid needlessly taking the RTNL on vport destroy 2025-12-22 12:25:11 +01:00
packet net: Convert struct sockaddr to fixed-size "sa_data[14]" 2025-11-04 19:10:33 -08:00
phonet net: Convert proto callbacks from sockaddr to sockaddr_unsized 2025-11-04 19:10:33 -08:00
psample
psp tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
qrtr net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
rds net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
rfkill net: replace use of system_wq with system_percpu_wq 2025-09-22 17:40:30 -07:00
rose net: rose: fix invalid array index in rose_kill_by_device() 2025-12-30 11:45:51 +01:00
rxrpc net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf after rc5 2026-01-14 15:22:01 -08:00
sctp sctp: Clear inet_opt in sctp_v6_copy_ip_options(). 2025-12-18 16:18:00 +01:00
shaper tools: ynl-gen: add regeneration comment 2025-11-25 19:20:42 -08:00
smc net: smc: SMC_HS_CTRL_BPF should depend on BPF_JIT 2025-12-04 11:07:18 -08:00
strparser Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-13 12:35:38 -08:00
sunrpc nfsd-6.19 fixes: 2025-12-24 09:23:04 -08:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-13 12:35:38 -08:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-10-31 06:46:03 -07:00
unix net: do not write to msg_get_inq in callee 2026-01-08 08:45:13 -08:00
vmw_vsock vsock: Make accept()ed sockets use custom setsockopt() 2026-01-05 16:14:50 -08:00
wireless wifi: avoid kernel-infoleak from struct iw_point 2026-01-08 13:33:05 +01:00
x25 net: Convert proto_ops connect() callbacks to use sockaddr_unsized 2025-11-04 19:10:32 -08:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-11-27 12:19:08 -08:00
xfrm bpf: xfrm: drop dead NULL check in bpf_xdp_get_xfrm_state() 2026-01-02 12:04:29 -08:00
Kconfig net: Kconfig: discourage drop_monitor enablement 2025-10-17 16:29:26 -07:00
Kconfig.debug
Makefile
compat.c socket: Unify getsockname and getpeername implementation 2025-11-26 13:45:23 -07:00
devres.c
socket.c vfs-6.19-rc1.fixes 2025-12-05 15:52:30 -08:00
sysctl_net.c