From 1b22393f44802d738f28fb98581640525ecebef4 Mon Sep 17 00:00:00 2001
From: Luis Gerhorst <gerhorst@cs.fau.de>
Date: Fri, 2 Jun 2023 21:24:17 +0200
Subject: [PATCH] [DRAFT] bpf: Fix push_stack() in process_iter_next_call()

TODO: Can BUG_ON be triggered if the current path is already speculative?
---
 kernel/bpf/verifier.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d1f1c7ad92f2..8366dd81a0d4 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7449,9 +7449,10 @@ static int process_iter_next_call(struct bpf_verifier_env *env, int insn_idx,

 if (cur_iter->iter.state == BPF_ITER_STATE_ACTIVE) {
 /* branch out active iter state */
- queued_st = push_stack(env, insn_idx + 1, insn_idx, false);
- if (!queued_st)
- return -ENOMEM;
+ int err = push_stack(env, insn_idx + 1, insn_idx, false, &queued_st);
+ if (err)
+ return err;
+ BUG_ON(!queued_st);

 queued_iter = &queued_st->frame[iter_frameno]->stack[iter_spi].spilled_ptr;
 queued_iter->iter.state = BPF_ITER_STATE_ACTIVE;
-- 
GitLab
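Review bot: `BUG_ON(!queued_st)` on the added line turns a violated assumption about push_stack() into a kernel panic inside the verifier, which runs on programs supplied at load time, so any case where push_stack() returns 0 without producing a state becomes a denial of service instead of a rejected program. The five-argument push_stack() is not part of this hunk, so whether it can succeed while leaving `queued_st` NULL (or unwritten) cannot be confirmed from here. If it can, fail closed instead: `if (WARN_ON_ONCE(!queued_st)) return -EFAULT;`. That keeps the diagnostic and leaves the following `queued_st->frame[...]` dereference unreachable on the bad path. process_iter_next_call() begins and ends outside the hunk.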