Re: [PATCH bpf-next v3] bpf: Clamp trace length in __bpf_get_stack to fix OOB write

Next message: Jorge Marques: "Re: [PATCH] iio: accel: Change adxl345 depend to negate adxl35x"
Previous message: Lucas Zampieri: "Re: [RFC PATCH 1/1] HID: input: Add support for multiple batteries per device"
In reply to: Lecomte, Arnaud: "Re: [PATCH bpf-next v3] bpf: Clamp trace length in __bpf_get_stack to fix OOB write"
Next in thread: syzbot: "Re: [syzbot] [bpf?] KASAN: stack-out-of-bounds Write in __bpf_get_stack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Laight

Date: Wed Nov 12 2025 - 16:37:42 EST

On Wed, 12 Nov 2025 16:11:41 +0000
"Lecomte, Arnaud" <contact@xxxxxxxxxxxxxx> wrote:

> On 12/11/2025 14:47, Brahmajit Das wrote:
> > On 12.11.2025 13:35, David Laight wrote:
> >> On Tue, 11 Nov 2025 13:42:54 +0530
> >> Brahmajit Das <listout@xxxxxxxxxxx> wrote:
> >>
> > ...snip...
> >> Please can we have no unnecessary min_t().
> >> You wouldn't write:
> >> x = (u32)a < (u32)b ? (u32)a : (u32)b;
> >>
> >> David
> >>
> >>> copy_len = trace_nr * elem_size;
> >>>
> >>> ips = trace->ip + skip;
> > Hi David,
> >
> > Sorry, I didn't quite get that. Would prefer something like:
> > trace_nr = (trace_nr <= num_elem) ? trace_nr : num_elem;
>
> min_t is a min with casting which is unnecessary in this case as
> trace_nr and num_elem are already u32.

Correct

David

>
> > The pre-refactor code.
> >
>