Re: [PATCH] bpf: verifier: restrict insn_array_maps to jump tables
From: bot+bpf-ci
Date: Mon Apr 06 2026 - 13:34:01 EST
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 84699a428077..83566d2f446e 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -19098,12 +19098,16 @@ static struct bpf_iarray *jt_from_subprog(struct bpf_verifier_env *env,
> int i;
>
> for (i = 0; i < env->insn_array_map_cnt; i++) {
> map = env->insn_array_maps[i];
>
> + /* Only consider instruction array maps with multiple entries.
> + * These correspond to jump tables. Skip others (e.g. static keys,
> + * indirect call maps).
> + */
> + if (map->map_type != BPF_MAP_TYPE_INSN_ARRAY ||
> + map->max_entries <= 1)
> + continue;
Is the map_type check here doing anything? Looking at __add_used_map(),
it only adds maps to insn_array_maps[] when the type is already
BPF_MAP_TYPE_INSN_ARRAY:
__add_used_map() {
...
if (map->map_type == BPF_MAP_TYPE_INSN_ARRAY) {
...
env->insn_array_maps[env->insn_array_map_cnt++] = map;
}
}
Since that is the only place maps are added to the insn_array_maps
array, the first half of this condition can never be true.
The comment also says "Only consider instruction array maps" but every
map in this array is already an instruction array map. The effective
filter is just max_entries <= 1.
Similarly, the commit message says "Restrict processing to
BPF_MAP_TYPE_INSN_ARRAY maps with multiple entries" -- the restriction
to BPF_MAP_TYPE_INSN_ARRAY is already guaranteed by __add_used_map()
and the check here is dead code.
The removed TODO comment said "TODO (when needed)", acknowledging that
distinguishing jump tables from other insn_array_map uses was not yet
necessary. Could this be simplified to just the max_entries <= 1 check
with a comment that reflects the actual invariant?
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/24041578069