On Tue, May 20, 2025 at 12:37 AM Amery Hung <ameryhung@xxxxxxxxx> wrote:
>
> > Then something like:
> > #define tld_get_data(tld_obj, key) \
> > ({
> > void * data = tld_obj->data_map->data;
> > if (data)
> > data += tld_obj->key_map->key.off & (PAGE_SIZE - 1);
> > data;
> > })
> >
> > size is really not needed. The verifier sees it as one page.
> > Bad bpf prog can write into the wrong key and the verifier cannot stop it.
> >
>
> key.off is a variable offset, so the verifier may assume key.off ==
> PAGE_SIZE - 1. If a bpf program tries to dereference a pointer
> returned by the proposed tld_get_data() as an int * without bound
> check, the verifier will still consider this a potential out-of-bound
> access:
>
> invalid access to memory, mem_size=4096 off=4095 size=4
>
> I think if there needs to be a bound check anyways, hiding it
> tld_get_data() makes the user written part less complex.
I see. Yeah off < TLD_DATA_SIZE - size check cannot be removed.
I was hoping to save an extra branch. oh well.
