The return for ctx_load_bytes() isn't being checked #16076
Comments
Hello @pchaigno, Could you assign it to me, pls?
Could you describe exactly how you reproduced that error?
The problem occurs when the function skb_load_bytes() is introduced:
Ok, I see 👍 AFAIK
YES, compiler should complain about possible usage of an uninitialized variable but doesn't, while the kernel verifier will prohibit loading the code for some reason not so clear to me, but when we do initialize the var accordingly or check the return error for ctx_load_bytes() in that context, the verifier will permit loading bpf_overlay.o.
No, I mean the compiler would not generate bytecode that results in
I think it is initialized by the helper from compiler's point of view. Anyway, the C code is clearly incorrect and we should fix it 🙂
In the datapath, the function ipv6_dec_hoplimit() makes a call to ctx_load_bytes() without checking for return errors. This will let this function's code make an evaluation of an uninitialized variable (__u8 hl) when ctx_load_bytes() returned an error. In this case the eBPF compiler will generate code that won't be accepted by the Linux kernel verifier, throwing an "invalid size of register spill" error in the /var/log/syslog.
cilium/bpf/lib/ipv6.h
Line 151 in e9e4c46
Please, add error checks when calling ctx_load_bytes().
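The check this issue asks for, as an added userspace C model that is not Cilium's code: `pkt_load_bytes()`, `dec_hoplimit_checked()`, `struct pkt` and the error codes are hypothetical stand-ins for the BPF helpers, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HOP_LIMIT_OFF 7   /* byte offset of hop_limit in the IPv6 fixed header */
#define ERR_LOAD    (-1)  /* hypothetical error codes for this model */
#define HL_EXPIRED    1

/* Constructed packet context: a bounded byte buffer. */
struct pkt { uint8_t *data; size_t len; };

/* Userspace stand-in for a bounds-checked load helper: copies n bytes
 * from the packet, or fails and leaves *to untouched. */
static int pkt_load_bytes(const struct pkt *p, size_t off, void *to, size_t n)
{
	if (off > p->len || n > p->len - off)
		return ERR_LOAD;
	memcpy(to, p->data + off, n);
	return 0;
}

/* Unchecked pattern described in the report (shown only as a comment):
 *     uint8_t hl;
 *     pkt_load_bytes(p, off + HOP_LIMIT_OFF, &hl, sizeof(hl));
 *     if (hl <= 1) ...     <- hl is indeterminate when the load failed
 */

/* Checked form: hl is read only after the load is known to have succeeded. */
static int dec_hoplimit_checked(struct pkt *p, size_t l3_off)
{
	uint8_t hl;

	if (pkt_load_bytes(p, l3_off + HOP_LIMIT_OFF, &hl, sizeof(hl)) < 0)
		return ERR_LOAD;
	if (hl <= 1)
		return HL_EXPIRED;
	hl--;
	p->data[l3_off + HOP_LIMIT_OFF] = hl;  /* offset validated by the load */
	return 0;
}

int main(void)
{
	uint8_t hdr[40] = {0};               /* constructed IPv6 fixed header */
	struct pkt full = { hdr, sizeof(hdr) }, trunc = { hdr, 4 };

	hdr[HOP_LIMIT_OFF] = 64;
	return !(dec_hoplimit_checked(&full, 0) == 0 && hdr[HOP_LIMIT_OFF] == 63 &&
		 dec_hoplimit_checked(&trunc, 0) == ERR_LOAD);
}
```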