bpf_get_kmem_cache() returns NULL when virt_addr_valid() rejects the
address or when virt_to_slab() does not find a slab. The verifier uses
KF_RET_NULL to add PTR_MAYBE_NULL to kfunc return registers, but the
registration currently lacks that flag.

Add KF_RET_NULL so callers have to prove that the returned kmem_cache
pointer is non-NULL before dereferencing fields.

Fixes: a992d7a397912 ("mm/bpf: Add bpf_get_kmem_cache() kfunc")
Signed-off-by: Nuoqi Gui <[email protected]>
---
 kernel/bpf/helpers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index b5314c9fed3cf..57a6ab72ae3cc 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -4817,7 +4817,7 @@ BTF_ID_FLAGS(func, bpf_iter_bits_next, KF_ITER_NEXT | 
KF_RET_NULL)
 BTF_ID_FLAGS(func, bpf_iter_bits_destroy, KF_ITER_DESTROY)
 BTF_ID_FLAGS(func, bpf_copy_from_user_str, KF_SLEEPABLE)
 BTF_ID_FLAGS(func, bpf_copy_from_user_task_str, KF_SLEEPABLE)
-BTF_ID_FLAGS(func, bpf_get_kmem_cache)
+BTF_ID_FLAGS(func, bpf_get_kmem_cache, KF_RET_NULL)
 BTF_ID_FLAGS(func, bpf_iter_kmem_cache_new, KF_ITER_NEW | KF_SLEEPABLE)
 BTF_ID_FLAGS(func, bpf_iter_kmem_cache_next, KF_ITER_NEXT | KF_RET_NULL | 
KF_SLEEPABLE)
 BTF_ID_FLAGS(func, bpf_iter_kmem_cache_destroy, KF_ITER_DESTROY | KF_SLEEPABLE)
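Review bot: the flag change on the bpf_get_kmem_cache line arrives without a selftest (the diffstat lists only kernel/bpf/helpers.c), so nothing pins the new verifier behaviour. Consider adding a negative test program that reads a field of the returned kmem_cache pointer without a NULL check and is expected to be rejected at load, alongside a positive one that performs the check. Because programs that previously loaded without the check will now fail verification, it is also worth confirming that in-tree callers of bpf_get_kmem_cache() already test the result, and noting that in the commit message.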

-- 
2.34.1

