bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index

The calculation of the index used to access the mask field in 'struct
bpf_raw_tp_null_args' is done with 'int' type, which could overflow when
the tracepoint being attached has more than 8 arguments.

While none of the tracepoints mentioned in raw_tp_null_args[] currently
have more than 8 arguments, there do exist tracepoints that had more
than 8 arguments (e.g. iocost_iocg_forgive_debt), so use the correct
type for calculation and avoid Smatch static checker warning.

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/bpf/20250418074946.35569-1-shung-hsi.yu@suse.com
Closes: https://lore.kernel.org/r/843a3b94-d53d-42db-93d4-be10a4090146@stanley.mountain/

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 16ba36f34dfab7531babf5753cab9f368cddefa3..656ee11aff67629b0d1a366895af617e8581af99 100644 (file)
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6829,10 +6829,10 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
                        /* Is this a func with potential NULL args? */
                        if (strcmp(tname, raw_tp_null_args[i].func))
                                continue;
-                       if (raw_tp_null_args[i].mask & (0x1 << (arg * 4)))
+                       if (raw_tp_null_args[i].mask & (0x1ULL << (arg * 4)))
                                info->reg_type |= PTR_MAYBE_NULL;
                        /* Is the current arg IS_ERR? */
-                       if (raw_tp_null_args[i].mask & (0x2 << (arg * 4)))
+                       if (raw_tp_null_args[i].mask & (0x2ULL << (arg * 4)))
                                ptr_err_raw_tp = true;
                        break;
                }