bpf_get_kmem_cache() can return NULL when the supplied address is not a
valid kernel address or when no slab is found for it. Its kfunc
registration does not currently advertise that to the verifier.

Add KF_RET_NULL to the registration and add verifier coverage for the direct
field-read case. The selftest rejects a read of s->size after
bpf_get_kmem_cache(0) without a null check, while the null-checked variant
remains accepted.

The issue dates back to a992d7a397912 ("mm/bpf: Add bpf_get_kmem_cache()
kfunc").

Signed-off-by: Nuoqi Gui <[email protected]>
---
Nuoqi Gui (2):
      bpf: Mark bpf_get_kmem_cache() as nullable
      selftests/bpf: Cover bpf_get_kmem_cache() null return

 kernel/bpf/helpers.c                               |  2 +-
 .../bpf/progs/verifier_kfunc_prog_types.c          | 29 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
---
base-commit: 76f62d237538b456354a44e796a541cde03c6e28
change-id: 20260617-f01-16-kmem-cache-ret-null-53a9f52fd835

Best regards,
--  
Nuoqi Gui <[email protected]>

