Re: [PATCH] kernel: bpf: remove dead code

From: David Miller
Date: Mon May 22 2017 - 12:27:55 EST

Next message: Jan Kiszka: "Re: [PATCH v2 6/6] serial: exar: Add support for IOT2040 device"
Previous message: David Howells: "[PATCH 2/9] Implement containers as kernel objects"
In reply to: Daniel Borkmann: "Re: [PATCH] kernel: bpf: remove dead code"
Next in thread: Daniel Borkmann: "Re: [PATCH] kernel: bpf: remove dead code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Date: Mon, 22 May 2017 16:52:24 +0200

> On 05/22/2017 04:38 PM, David Miller wrote:
>> From: "Gustavo A. R. Silva" <garsilva@xxxxxxxxxxxxxx>
>> Date: Mon, 22 May 2017 09:07:46 -0500
>>
>>> Execution cannot reach NET_IP_ALIGN inside the following statement:
>>> ip_align = strict ? 2 : NET_IP_ALIGN
>>>
>>> Addresses-Coverity-ID: 1409762
>>> Signed-off-by: Gustavo A. R. Silva <garsilva@xxxxxxxxxxxxxx>
>>> ---
>>> NOTE: variable ip_align could also be removed and use value 2
>>> directly.
>>
>> Incorrect.
>>
>> Some platforms define NET_IP_ALIGN to zero, so the code must remain
>> as is.
>
> In the check_pkt_ptr_alignment(), when !strict you would already
> return earlier from that function.
>
> So, above test in ip_align will always give 2, meaning technically
> the patch is correct, although hard-coded value less clean.
>
> Perhaps something like the below to keep intentions more clear (and
> it will get resolved during compile time anyway ...):

Ok I understand the issue now. Thanks for explaining.

I guess a hard-coded value of 2 and an adjusted comment above the
assignment of ip_align is the way to go.

I'll push the following, thanks everyone:

====================
net: Make IP alignment calulations clearer.

The assignmnet:

ip_align = strict ? 2 : NET_IP_ALIGN;

in compare_pkt_ptr_alignment() trips up Coverity because we can only
get to this code when strict is true, therefore ip_align will always
be 2 regardless of NET_IP_ALIGN's value.

So just assign directly to '2' and explain the situation in the
comment above.

Reported-by: "Gustavo A. R. Silva" <garsilva@xxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
---
kernel/bpf/verifier.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1eddb71..c72cd41 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -808,11 +808,15 @@ static int check_pkt_ptr_alignment(const struct bpf_reg_state *reg,
reg_off += reg->aux_off;
}

- /* skb->data is NET_IP_ALIGN-ed, but for strict alignment checking
- * we force this to 2 which is universally what architectures use
- * when they don't set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS.
+ /* For platforms that do not have a Kconfig enabling
+ * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS the value of
+ * NET_IP_ALIGN is universally set to '2'. And on platforms
+ * that do set CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS, we get
+ * to this code only in strict mode where we want to emulate
+ * the NET_IP_ALIGN==2 checking. Therefore use an
+ * unconditional IP align value of '2'.
*/
- ip_align = strict ? 2 : NET_IP_ALIGN;
+ ip_align = 2;
if ((ip_align + reg_off + off) % size != 0) {
verbose("misaligned packet access off %d+%d+%d size %d\n",
ip_align, reg_off, off, size);
--
2.4.11

Next message: Jan Kiszka: "Re: [PATCH v2 6/6] serial: exar: Add support for IOT2040 device"
Previous message: David Howells: "[PATCH 2/9] Implement containers as kernel objects"
In reply to: Daniel Borkmann: "Re: [PATCH] kernel: bpf: remove dead code"
Next in thread: Daniel Borkmann: "Re: [PATCH] kernel: bpf: remove dead code"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]