Re: [PATCH v3 bpf-next 1/2] bpf: Fix Null-Pointer Dereference in kernel_clone() via BPF fmod_ret on security_task_alloc
From: Feng Yang
Date: Sun Apr 12 2026 - 22:00:06 EST
On Sun, 12 Apr 2026 11:39:53 +0800, Menglong Dong wrote:
> > static bool return_retval_range(struct bpf_verifier_env *env, struct bpf_retval_range *range)
> > {
> > @@ -18416,8 +18522,13 @@ static bool return_retval_range(struct bpf_verifier_env *env, struct bpf_retval_
> > *range = retval_range(0, 0);
> > break;
> > case BPF_TRACE_RAW_TP:
> > - case BPF_MODIFY_RETURN:
> > return false;
> > + case BPF_MODIFY_RETURN:
> > + if (!bpf_security_get_retval_range(env->prog, range))
> > + break;
> > + if (modify_return_get_retval_range(env->prog, range))
> > + return false;
> > + break;
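Review bot: in the new BPF_MODIFY_RETURN branch, the first `break` (taken when bpf_security_get_retval_range() returns false) leaves the switch without assigning *range, unlike the neighbouring case that does `*range = retval_range(0, 0);` before its `break`, so the caller may act on an uninitialized range unless the helper is guaranteed to fill it even when it returns false; either set the range on that path or state the helper's contract in a comment. The control flow is also hard to follow because the two helpers steer break/return with opposite polarity; keeping `return false` as the default outcome of the case, with the range-setting paths as the explicit exceptions, would match the removed `case BPF_MODIFY_RETURN: return false;` behaviour and read more clearly.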
>
> return false by default, as we did in the previous logic?
>
> + case BPF_MODIFY_RETURN:
> + if (!bpf_security_get_retval_range(env->prog, range))
> + break;
> + if (!modify_return_get_retval_range(env->prog, range))
> + break;
> + return false;
>
Okay, thank you very much.
> > case BPF_TRACE_ITER: