On Fri, Aug 01, 2025 at 09:09:33AM -0700, Eduard Zingerman wrote:
> On Fri, 2025-08-01 at 11:49 +0200, Paul Chaignon wrote:
> > We've already had two "error during ctx access conversion" warnings
> > triggered by syzkaller. Let's improve the error message by dumping the
> > cnt variable so that we can more easily differentiate between the
> > different error cases.
> >
> > Signed-off-by: Paul Chaignon <paul.chaignon@xxxxxxxxx>
> > ---
>
> Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
Thanks for the review!
>
> > kernel/bpf/verifier.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index 399f03e62508..0806295945e4 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -21445,7 +21445,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env)
> > &target_size);
> > if (cnt == 0 || cnt >= INSN_BUF_SIZE ||
> > (ctx_field_size && !target_size)) {
> > - verifier_bug(env, "error during ctx access conversion");
> > + verifier_bug(env, "error during ctx access conversion (%d)", cnt);
>
> Nit: maybe print the rest of the fields as well?
I considered it but didn't want to unnecessarily bloat the message.
Knowing cnt is enough to know which of the three conditions is true. If
the last one is true, then knowing the values of ctx_field_size and
target_size doesn't really help us because the issue is just that one is
set (ctx_field_size in _is_valid_access) while the other wasn't
(target_size in _convert_ctx_accesses). That indicates a mismatch
between the two functions for that particular program type.
>
> > return -EFAULT;
> > }
> >
