On Sat, 2025-08-16 at 18:06 +0000, Anton Protopopov wrote:
[...]
> --- /dev/null
> +++ b/kernel/bpf/bpf_insn_array.c
[...]
> +int bpf_insn_array_ready(struct bpf_map *map)
> +{
> + struct bpf_insn_array *insn_array = cast_insn_array(map);
> + guard(mutex)(&insn_array->state_mutex);
> + int i;
> +
> + for (i = 0; i < map->max_entries; i++) {
> + if (insn_array->ptrs[i].user_value.xlated_off == INSN_DELETED)
> + continue;
> + if (!insn_array->ips[i]) {
> + /*
> + * Set the map free on failure; the program owning it
> + * might be re-loaded with different log level
> + */
> + insn_array->state = INSN_ARRAY_STATE_FREE;
> + return -EFAULT;
This shouldn't happen, right?
If so, maybe use verifier_bug here with some description?
(and move bpf_insn_array_ready() call to verifier.c:bpf_check(),
so that the log pointer is available).
> + }
> + }
> +
> + insn_array->state = INSN_ARRAY_STATE_READY;
> + return 0;
> +}
[...]
