Re: [PATCH bpf-next v3 2/2] selftests/bpf: add tests for PTR_TO_FLOW_KEYS offset bounds

Next message: david . laight . linux: "[PATCH next] kernel/trace/trace_printk: Use kstrdup() instead of kmalloc() and strcpy()"
Previous message: david . laight . linux: "[PATCH next] drivers/scsi/aic7xxx/aic79xx_osm: Use kstrdup() instead of kmalloc() and strcpy()"
In reply to: bot+bpf-ci: "Re: [PATCH bpf-next v3 2/2] selftests/bpf: add tests for PTR_TO_FLOW_KEYS offset bounds"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH bpf-next v3 0/2] bpf, verifier: fix PTR_TO_FLOW_KEYS constant-offset OOB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eduard Zingerman

Date: Sat Jun 06 2026 - 16:34:36 EST

On Sat, 2026-06-06 at 18:50 +0800, Nuoqi Gui wrote:
> Add verifier tests covering pointer arithmetic on a PTR_TO_FLOW_KEYS
> register. This covers the bpf-next regression where an out-of-bounds
> constant offset introduced as flow_keys += K and then dereferenced at
> insn->off 0 was accepted, while the equivalent flow_keys + K direct offset
> was rejected.
>
> The tests check that in-bounds constant arithmetic on the keys pointer is
> still accepted, out-of-bounds constant arithmetic is rejected for both read
> and write, and a truly varying offset from bpf_get_prandom_u32() remains
> rejected by the existing PTR_TO_FLOW_KEYS pointer arithmetic rules.
>
> Signed-off-by: Nuoqi Gui <gnq25@xxxxxxxxxxxxxxxxxxxxx>
> ---

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>

[...]