[PATCH bpf-next] selftests/bpf: Fix segfault in bpf_tcp_ca

[PATCH bpf-next] selftests/bpf: Fix segfault in bpf_tcp_ca

[Jean-Philippe Brucker]

Since commit ad9a7f96445b ("libbpf: Improve logging around BPF program
loading"), libbpf_debug_print() gets an additional prog_name parameter
but doesn't pass it to printf(). Since the format string now expects two
arguments, printf() may read uninitialized data and segfault. Pass
prog_name through.

Fixes: ad9a7f96445b ("libbpf: Improve logging around BPF program loading")
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
---
 tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
index 8daca0ac909f..8f7a1cef7d87 100644
--- a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
+++ b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
@@ -217,7 +217,7 @@ static bool found;
 static int libbpf_debug_print(enum libbpf_print_level level,
 			      const char *format, va_list args)
 {
-	const char *log_buf;
+	const char *prog_name, *log_buf;
 
 	if (level != LIBBPF_WARN ||
 	    !strstr(format, "-- BEGIN PROG LOAD LOG --")) {
@@ -225,15 +225,14 @@ static int libbpf_debug_print(enum libbpf_print_level level,
 		return 0;
 	}
 
-	/* skip prog_name */
-	va_arg(args, char *);
+	prog_name = va_arg(args, char *);
 	log_buf = va_arg(args, char *);
 	if (!log_buf)
 		goto out;
 	if (err_str && strstr(log_buf, err_str) != NULL)
 		found = true;
 out:
-	printf(format, log_buf);
+	printf(format, prog_name, log_buf);
 	return 0;
 }
 
-- 
2.34.1

Re: [PATCH bpf-next] selftests/bpf: Fix segfault in bpf_tcp_ca

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Mon, 13 Dec 2021 18:30:59 +0000 you wrote:
> Since commit ad9a7f96445b ("libbpf: Improve logging around BPF program
> loading"), libbpf_debug_print() gets an additional prog_name parameter
> but doesn't pass it to printf(). Since the format string now expects two
> arguments, printf() may read uninitialized data and segfault. Pass
> prog_name through.
> 
> Fixes: ad9a7f96445b ("libbpf: Improve logging around BPF program loading")
> Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> 
> [...]

Here is the summary with links:
  - [bpf-next] selftests/bpf: Fix segfault in bpf_tcp_ca
    https://git.kernel.org/bpf/bpf-next/c/acd143eefb82

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html