Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'bpf-fix-end-of-list-detection-in-cgroup_storage_get_next_key'

Weiming Shi says:

====================
bpf: fix end-of-list detection in cgroup_storage_get_next_key()

list_next_entry() never returns NULL, so the NULL check in
cgroup_storage_get_next_key() is dead code. When iterating past the last
element, the function reads storage->key from a bogus pointer that aliases
internal map fields and copies the result to userspace.

Patch 1 replaces the NULL check with list_entry_is_head() so the function
correctly returns -ENOENT when there are no more entries.

Patch 2 adds a selftest to cover this corner case, as suggested by Sun Jian
and Paul Chaignon.

v2:
- Added selftest (Paul Chaignon)
- Collected Reviewed-by and Acked-by tags
====================

Link: https://patch.msgid.link/20260403132951.43533-1-bestswngs@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
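
The list behaviour the cover letter describes, as an added example that is not part of the original commit or the kernel's code: a userspace re-creation of the circular list helpers showing why the NULL test can never fire and what `list_entry_is_head()` checks instead. `demo_map`, `demo_storage`, `null_check_fires` and `next_key_fixed` are hypothetical names, and the sample entry is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace re-creation of the kernel's circular list helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_next_entry(pos, member) \
	container_of((pos)->member.next, __typeof__(*(pos)), member)
#define list_entry_is_head(pos, head, member) (&(pos)->member == (head))

static void list_add_tail(struct list_head *new, struct list_head *head)
{
	new->prev = head->prev;
	new->next = head;
	head->prev->next = new;
	head->prev = new;
}

/* Hypothetical stand-ins for the map and its per-cgroup storage entries. */
struct demo_map { int internal; struct list_head list; };
struct demo_storage { int key; struct list_head list_map; };

/* Old test: would "!storage" ever catch the end of the list? Never. */
static int null_check_fires(struct demo_storage *cur)
{
	return list_next_entry(cur, list_map) == NULL;
}

/* Fixed test: 0 and *next_key set, or -1 (standing in for -ENOENT). */
static int next_key_fixed(struct demo_map *map, struct demo_storage *cur, int *next_key)
{
	struct demo_storage *s = list_next_entry(cur, list_map);

	if (list_entry_is_head(s, &map->list, list_map))
		return -1;	/* s is the head in disguise: do not read s->key */
	*next_key = s->key;
	return 0;
}

int main(void)
{
	struct demo_map m = { .internal = 42 };
	struct demo_storage only = { .key = 7 };	/* constructed sample entry */
	int k = 0;
	m.list.next = m.list.prev = &m.list;
	list_add_tail(&only.list_map, &m.list);
	printf("NULL check: %d, fixed: %d\n", null_check_fires(&only), next_key_fixed(&m, &only, &k));
	return 0;
}
```

In this layout the pointer produced past the last entry is the address of `demo_map` itself, so reading `key` through it would read the map's own `internal` field.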

+6 -1
+1 -1
kernel/bpf/local_storage.c
··· 270 270 goto enoent; 271 271 272 272 storage = list_next_entry(storage, list_map); 273 - if (!storage) 273 + if (list_entry_is_head(storage, &map->list, list_map)) 274 274 goto enoent; 275 275 } else { 276 276 storage = list_first_entry(&map->list,
+5
tools/testing/selftests/bpf/prog_tests/cgroup_storage.c
··· 86 86 err = SYS_NOFAIL(PING_CMD); 87 87 ASSERT_OK(err, "sixth ping"); 88 88 89 + err = bpf_map__get_next_key(skel->maps.cgroup_storage, &key, &key, 90 + sizeof(key)); 91 + ASSERT_ERR(err, "bpf_map__get_next_key should fail"); 92 + ASSERT_EQ(errno, ENOENT, "no second key"); 93 + 89 94 cleanup_progs: 90 95 cgroup_storage__destroy(skel); 91 96 cleanup_network:
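
Review bot: in kernel/bpf/local_storage.c, the else branch at the end of the hunk calls list_first_entry(&map->list, ...), which has the same property as list_next_entry(): on an empty list it returns a pointer computed from the head, never NULL. The visible context stops before showing how that result is checked, so please confirm the empty-map case is rejected by a list_empty() test earlier in the function, or use list_first_entry_or_null() there, so the first-key path cannot read storage->key from the head either.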
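
Review bot: in tools/testing/selftests/bpf/prog_tests/cgroup_storage.c, the new ASSERT_ERR(err, ...) followed by ASSERT_EQ(errno, ENOENT, ...) splits one expectation across two checks and depends on errno. Since bpf_map__get_next_key() returns the negative error code, a single ASSERT_EQ(err, -ENOENT, "no second key") states the contract directly. A one-line comment saying that key is the only entry in the map at this point would also make clear why the lookup is expected to hit the end of the list.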