From: Jiri Olsa <olsajiri@gmail.com>
To: Rong Tao <rtoax@foxmail.com>
Cc: ast@kernel.org, rongtao@cestc.cn,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
	Mykola Lysenko <mykolal@fb.com>, Shuah Khan <shuah@kernel.org>,
	Nick Terrell <terrelln@fb.com>,
	"open list:BPF [GENERAL] (Safe Dynamic Programs and Tools)" 
	<bpf@vger.kernel.org>,
	"open list:KERNEL SELFTEST FRAMEWORK" 
	<linux-kselftest@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH bpf-next] selftests/bpf: trace_helpers.c: Fix segfault
Date: Mon, 10 Apr 2023 17:05:20 +0100
Message-ID: <ZDQzwP3K8WOImluJ@krava>
In-Reply-To: <tencent_0D62BF818D106C96C26594CAC76BF3281306@qq.com>

On Sun, Apr 09, 2023 at 04:15:25PM +0800, Rong Tao wrote:
> From: Rong Tao <rongtao@cestc.cn>
> 
> When the number of symbols is greater than MAX_SYMS (300000), the access
> array struct ksym syms[MAX_SYMS] goes out of bounds, which will result in
> a segfault.
> 
> Resolve this issue by judging the maximum number and exiting the loop, and
> increasing the default size appropriately. (6.2.9 = 329839 below)
> 
>     $ cat /proc/kallsyms | wc -l
>     329839
> 
>     GDB debugging:
>     $ cd linux/samples/bpf
>     $ sudo gdb ./sampleip
>     ...
>     (gdb) r
>     ...
>     Program received signal SIGSEGV, Segmentation fault.
>     0x00007ffff7e2debf in malloc () from /lib64/libc.so.6
>     Missing separate debuginfos, use: dnf debuginfo-install
>     elfutils-libelf-0.189-1.fc37.x86_64 glibc-2.36-9.fc37.x86_64
>     libzstd-1.5.4-1.fc37.x86_64 zlib-1.2.12-5.fc37.x86_64
>     (gdb) bt
>     #0  0x00007ffff7e2debf in malloc () from /lib64/libc.so.6
>     #1  0x00007ffff7e33f8e in strdup () from /lib64/libc.so.6
>     #2  0x0000000000403fb0 in load_kallsyms_refresh() from trace_helpers.c
>     #3  0x00000000004038b2 in main ()
> 
> Signed-off-by: Rong Tao <rongtao@cestc.cn>

I had to apply by hand, there was some fuzz:

  patching file tools/testing/selftests/bpf/trace_helpers.c
  Hunk #1 succeeded at 18 with fuzz 2 (offset 4 lines).
  Hunk #2 succeeded at 48 (offset 4 lines).

but other than that looks good

Acked-by: Jiri Olsa <jolsa@kernel.org>

jirka

> ---
>  tools/testing/selftests/bpf/trace_helpers.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
> index 09a16a77bae4..a9d589c560d2 100644
> --- a/tools/testing/selftests/bpf/trace_helpers.c
> +++ b/tools/testing/selftests/bpf/trace_helpers.c
> @@ -14,7 +14,7 @@
>  
>  #define DEBUGFS "/sys/kernel/debug/tracing/"
>  
> -#define MAX_SYMS 300000
> +#define MAX_SYMS 400000
>  static struct ksym syms[MAX_SYMS];
>  static int sym_cnt;
>  
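Review bot: `MAX_SYMS` on the changed `#define` line is still a compile-time guess. The commit message reports 329839 entries on 6.2.9, so 400000 leaves roughly 70000 entries of headroom before the cap is reached again. Since `syms` is a static array sized by this constant, consider allocating it dynamically and growing it as lines are read, or at least add a comment next to the define saying how the value was chosen and what happens when /proc/kallsyms exceeds it.
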
> @@ -44,7 +44,8 @@ int load_kallsyms_refresh(void)
>  			continue;
>  		syms[i].addr = (long) addr;
>  		syms[i].name = strdup(func);
> -		i++;
> +		if (++i >= MAX_SYMS)
> +			break;
>  	}
>  	fclose(f);
>  	sym_cnt = i;
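Review bot: The new `if (++i >= MAX_SYMS) break;` ends the loop silently, so `sym_cnt` is set to the cap and the caller cannot tell that the table was truncated; any consumer of `syms` will just miss the symbols past the limit. Print a warning or return an error when the limit is reached. Separately, the context line `syms[i].name = strdup(func);` stores the result without a NULL check, which is worth handling in the same loop.
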
> -- 
> 2.39.2
> 
