| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0bcbff49-1d0a-4e59-83ea-f5c568f736a9@wanadoo.fr>
Date: Wed, 21 Aug 2024 15:41:38 +0200
From: Christophe JAILLET <christophe.jaillet@...adoo.fr>
To: Soma Nakata <soma.nakata01@...il.com>
Cc: Andrii Nakryiko <andrii@...nel.org>, Eduard Zingerman
<eddyz87@...il.com>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...ux.dev>, Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>,
John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] libbpf: Initialize st_ops->tname with strdup()
Le 21/08/2024 à 15:30, Soma Nakata a écrit :
> On Wed, Aug 21, 2024 at 9:16 PM Christophe JAILLET
> <christophe.jaillet@...adoo.fr> wrote:
>>
>> Le 21/08/2024 à 13:23, Soma Nakata a écrit :
>>> `tname` is returned by `btf__name_by_offset()` as well as `var_name`,
>>> and these addresses point to strings in the btf. Since their locations
>>> may change while loading the bpf program, using `strdup()` ensures
>>> `tname` is safely stored.
>>>
>>> Signed-off-by: Soma Nakata <soma.nakata01@...il.com>
>>> ---
>>> tools/lib/bpf/libbpf.c | 7 +++++--
>>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
>>> index a3be6f8fac09..f4ad1b993ec5 100644
>>> --- a/tools/lib/bpf/libbpf.c
>>> +++ b/tools/lib/bpf/libbpf.c
>>> @@ -496,7 +496,7 @@ struct bpf_program {
>>> };
>>>
>>> struct bpf_struct_ops {
>>> - const char *tname;
>>> + char *tname;
>>> const struct btf_type *type;
>>> struct bpf_program **progs;
>>> __u32 *kern_func_off;
>>> @@ -1423,7 +1423,9 @@ static int init_struct_ops_maps(struct bpf_object *obj, const char *sec_name,
>>> memcpy(st_ops->data,
>>> data->d_buf + vsi->offset,
>>> type->size);
>>> - st_ops->tname = tname;
>>> + st_ops->tname = strdup(tname);
>>> + if (!st_ops->tname)
>>> + return -ENOMEM;
>>
>> Certainly a matter of taste, but I would personally move it just after
>> "st_ops->kern_func_off = malloc()" and add the NULL check with the
>> existing ones.
>>
>> BTW, there are some memory leaks if 1 or more allocations fail in this
>> function.
>> Not sure if it is an issue or not, and what should be done in this case.
>
> You mean the line below?
> if (!st_ops->data || !st_ops->progs || !st_ops->kern_func_off)
Yes.
> seems it says the size of them are in descending order or something.
> But regardless, this looks like a memory leak.
> I will send another patch on this.
>
> thanks,
>
>>
>> CJ
>>
>>
>>> st_ops->type = type;
>>> st_ops->type_id = type_id;
>>>
>>> @@ -8984,6 +8986,7 @@ static void bpf_map__destroy(struct bpf_map *map)
>>> map->mmaped = NULL;
>>>
>>> if (map->st_ops) {
>>> + zfree(&map->st_ops->tname);
>>> zfree(&map->st_ops->data);
>>> zfree(&map->st_ops->progs);
>>> zfree(&map->st_ops->kern_func_off);
>>
>
>
Powered by blists - more mailing lists