> -----Original Message-----
> From: Stephen Hemminger <[email protected]>
> Sent: Saturday 4 July 2026 05:03
> To: [email protected]
> Cc: Stephen Hemminger <[email protected]>; Konstantin Ananyev 
> <[email protected]>;
> Marat Khalili <[email protected]>
> Subject: [PATCH] bpf: fix unitialized warning
> 
> Coverity complains unitialized use of structure.
> 
> Coverity ID: 504611
> Fixes: 17509d474226 ("bpf/validate: fix BPF_ADD of pointer to a scalar")
> 
> Signed-off-by: Stephen Hemminger <[email protected]>
> ---
>  lib/bpf/bpf_validate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/bpf/bpf_validate.c b/lib/bpf/bpf_validate.c
> index f9960088a2..44db85a5a3 100644
> --- a/lib/bpf/bpf_validate.c
> +++ b/lib/bpf/bpf_validate.c
> @@ -659,7 +659,7 @@ eval_apply_mask(struct bpf_reg_val *rv, uint64_t mask)
>  static void
>  eval_add(struct bpf_reg_val *rd, const struct bpf_reg_val *rs, uint64_t msk)
>  {
> -     struct bpf_reg_val rs_buf;
> +     struct bpf_reg_val rs_buf = { 0 };
>       struct bpf_reg_val rv;
> 
>       if (RTE_BPF_ARG_PTR_TYPE(rs->v.type) != 0) {
> --
> 2.53.0

The bug is real. Based on the intended meaning should then be:

        struct bpf_reg_val rs_buf = { .v.type = RTE_BPF_ARG_RAW };

Setting type to 0 (RTE_BPF_ARG_UNDEF) is too harsh disallowing even reading,
while we only want to disallow dereferencing the result.

(Unfortunately, this whole dimension is still a massive TODO, this check is not
even present on other ALU operations, and neither do sanitized tests pass which
would catch this problem earlier.)

Reply via email to