[bpf-next,v3,2/3] bpf: Report internal error on incorrect ld_imm64 in check_ld_imm()

Commit Message

Hao Sun Oct. 11, 2023, 9 a.m. UTC

The verifier currently reports "invalid BPF_LD_IMM64 insn" if the size
of ld_imm64 is not BPF_DW. The log is not accurate, bacause we already
have bpf_code_in_insntable() check in resolve_pseudo_idimm64(), which
guarantees the validity of insn code. If the verifier meets an invalid
ld_imm64 in check_ld_imm(), then somewhere else in the verifier must be
wrong. In such case, current log is confusing and does not reflect the
right thing. Therefore, make the verifier report internal error.

Signed-off-by: Hao Sun <sunhao.th@gmail.com>
---
 kernel/bpf/verifier.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 725ac0b464cf..d25838a2c430 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -14532,8 +14532,8 @@  static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
 	int err;
 
 	if (BPF_SIZE(insn->code) != BPF_DW) {
-		verbose(env, "invalid BPF_LD_IMM insn\n");
-		return -EINVAL;
+		verbose(env, "verifier internal error: ld_imm64 size is not BPF_DW\n");
+		return -EFAULT;
 	}
 	if (insn->off != 0) {
 		verbose(env, "BPF_LD_IMM64 uses reserved fields\n");