From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Daniel Borkmann <daniel@iogearbox.net>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: "Toke Høiland-Jørgensen" <toke@redhat.com>,
lkml <linux-kernel@vger.kernel.org>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
"Martin Lau" <kafai@fb.com>
Subject: [PATCH bpf v2] bpftool: Don't crash on missing jited insns or ksyms
Date: Tue, 10 Dec 2019 19:14:12 +0100 [thread overview]
Message-ID: <20191210181412.151226-1-toke@redhat.com> (raw)
When the kptr_restrict sysctl is set, the kernel can fail to return
jited_ksyms or jited_prog_insns, but still have positive values in
nr_jited_ksyms and jited_prog_len. This causes bpftool to crash when trying
to dump the program because it only checks the len fields not the actual
pointers to the instructions and ksyms.
Fix this by adding the missing checks.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
---
v2:
- The sysctl causing this is kptr_restrict, not bpf_jit_harden; update commit
msg to get this right (Martin).
tools/bpf/bpftool/prog.c | 2 +-
tools/bpf/bpftool/xlated_dumper.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index 4535c863d2cd..2ce9c5ba1934 100644
--- a/tools/bpf/bpftool/prog.c
+++ b/tools/bpf/bpftool/prog.c
@@ -493,7 +493,7 @@ static int do_dump(int argc, char **argv)
info = &info_linear->info;
if (mode == DUMP_JITED) {
- if (info->jited_prog_len == 0) {
+ if (info->jited_prog_len == 0 || !info->jited_prog_insns) {
p_info("no instructions returned");
goto err_free;
}
diff --git a/tools/bpf/bpftool/xlated_dumper.c b/tools/bpf/bpftool/xlated_dumper.c
index 494d7ae3614d..5b91ee65a080 100644
--- a/tools/bpf/bpftool/xlated_dumper.c
+++ b/tools/bpf/bpftool/xlated_dumper.c
@@ -174,7 +174,7 @@ static const char *print_call(void *private_data,
struct kernel_sym *sym;
if (insn->src_reg == BPF_PSEUDO_CALL &&
- (__u32) insn->imm < dd->nr_jited_ksyms)
+ (__u32) insn->imm < dd->nr_jited_ksyms && dd->jited_ksyms)
address = dd->jited_ksyms[insn->imm];
sym = kernel_syms_search(dd, address);
--
2.24.0
next reply other threads:[~2019-12-10 18:15 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-10 18:14 Toke Høiland-Jørgensen [this message]
2019-12-10 18:21 ` [PATCH bpf v2] bpftool: Don't crash on missing jited insns or ksyms Martin Lau
2019-12-10 20:54 ` Jakub Kicinski
2019-12-10 21:09 ` Toke Høiland-Jørgensen
2019-12-10 21:24 ` Jakub Kicinski
2019-12-10 21:31 ` Alexei Starovoitov
2019-12-10 21:52 ` Jakub Kicinski
2019-12-10 22:53 ` Alexei Starovoitov
2019-12-11 13:08 ` Daniel Borkmann
2019-12-11 13:20 ` Toke Høiland-Jørgensen
2019-12-11 13:33 ` Daniel Borkmann
2019-12-11 13:01 ` Daniel Borkmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191210181412.151226-1-toke@redhat.com \
--to=toke@redhat.com \
--cc=alexei.starovoitov@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kafai@fb.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).