Message-Id: <e7478657b0308d8c4c16f5f412e92a3dbf565b0777424bd6d163d1d8288cf10a@mail.kernel.org>
Date: Fri,  5 Dec 2025 22:57:52 +0000 (UTC)
From: bot+bpf-ci@...nel.org
To: ihor.solodrai@...ux.dev,ast@...nel.org,daniel@...earbox.net,andrii@...nel.org,martin.lau@...ux.dev,eddyz87@...il.com,song@...nel.org,yonghong.song@...ux.dev,john.fastabend@...il.com,kpsingh@...nel.org,sdf@...ichev.me,haoluo@...gle.com,jolsa@...nel.org,akpm@...ux-foundation.org,nathan@...nel.org,nsc@...nel.org,tj@...nel.org,void@...ifault.com,arighi@...dia.com,changwoo@...lia.com,shuah@...nel.org,nick.desaulniers+lkml@...il.com,morbo@...gle.com,justinstitt@...gle.com,alan.maguire@...cle.com,dolinux.peng@...il.com
Cc: bpf@...r.kernel.org,dwarves@...r.kernel.org,linux-kernel@...r.kernel.org,linux-kbuild@...r.kernel.org,ast@...nel.org,andrii@...nel.org,daniel@...earbox.net,martin.lau@...nel.org,eddyz87@...il.com,yonghong.song@...ux.dev,clm@...a.com,ihor.solodrai@...ux.dev
Subject: Re: [PATCH bpf-next v3 2/6] resolve_btfids: Factor out load_btf()

> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
> index 164f0c941f04..b4caae1170dd 100644
> --- a/tools/bpf/resolve_btfids/main.c
> +++ b/tools/bpf/resolve_btfids/main.c

[ ... ]

> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
>  	return 0;
>  }
>
> -static int symbols_resolve(struct object *obj)
> +static int load_btf(struct object *obj)
>  {
> -	int nr_typedefs = obj->nr_typedefs;
> -	int nr_structs  = obj->nr_structs;
> -	int nr_unions   = obj->nr_unions;
> -	int nr_funcs    = obj->nr_funcs;
> -	struct btf *base_btf = NULL;
> -	int err, type_id;
> -	struct btf *btf;
> -	__u32 nr_types;
> +	struct btf *base_btf = NULL, *btf = NULL;
> +	int err;
>
>  	if (obj->base_btf_path) {
>  		base_btf = btf__parse(obj->base_btf_path, NULL);
>  		err = libbpf_get_error(base_btf);
>  		if (err) {
>  			pr_err("FAILED: load base BTF from %s: %s\n",
>  			       obj->base_btf_path, strerror(-err));
> -			return -1;
> +			goto out_err;
>  		}
>  	}
>
>  	btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
>  	err = libbpf_get_error(btf);
>  	if (err) {
>  		pr_err("FAILED: load BTF from %s: %s\n",
>  			obj->btf_path ?: obj->path, strerror(-err));
> -		goto out;
> +		goto out_err;
>  	}
>
> +	obj->base_btf = base_btf;
> +	obj->btf = btf;
> +
> +	return 0;
> +
> +out_err:
> +	btf__free(base_btf);
> +	btf__free(btf);
> +	return err;

Can btf__free() safely handle ERR_PTR values here?

When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
libbpf_get_error() extracts the error code, but base_btf still holds
the ERR_PTR value. The error path then calls btf__free(base_btf)
where base_btf is ERR_PTR rather than NULL or a valid pointer.

The same issue occurs if btf__parse_split() fails on line 550, where
btf contains ERR_PTR when btf__free(btf) is called.

In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
function would return -1 immediately without calling btf__free(),
avoiding this issue. The new error handling with goto out_err changes
this behavior.

> +}
> +
> +static int symbols_resolve(struct object *obj)
> +{
> +	int nr_typedefs = obj->nr_typedefs;
> +	int nr_structs  = obj->nr_structs;
> +	int nr_unions   = obj->nr_unions;
> +	int nr_funcs    = obj->nr_funcs;
> +	struct btf *btf = obj->btf;
> +	int err, type_id;
> +	__u32 nr_types;
> +
>  	err = -1;
>  	nr_types = btf__type_cnt(btf);
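
Review bot: symbols_resolve() now takes `btf` straight from `obj->btf` and passes it to `btf__type_cnt(btf)` with no check, so it is only correct when load_btf() has already run and returned 0. The call site is not in the quoted lines; either guard against a NULL `obj->btf` at the top of symbols_resolve() or document the required call order in a comment above it. Because load_btf() now stores both pointers in `obj` on success, the patch should also show where `obj->btf` and `obj->base_btf` are released, since the removed `goto out` path no longer covers them.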

[ ... ]


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19978081551
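
The cleanup-path question raised in the review above, as an added stand-alone C model that is not code from the patch, from libbpf or from the reviewer: `blob_parse()`, `blob_free()`, `load_pair()` and the local `ERR_PTR`/`PTR_ERR`/`IS_ERR` macros are hypothetical stand-ins. It shows a free routine that rejects NULL and encoded error pointers, so a shared `out_err` label can release both pointers whichever parse failed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
/* Local model of kernel-style error pointers; hypothetical, not libbpf code. */
#define ERR_PTR(e) ((void *)(intptr_t)(e))
#define PTR_ERR(p) ((int)(intptr_t)(p))
#define IS_ERR(p)  ((uintptr_t)(p) >= (uintptr_t)-4095)

struct blob { int id; };
static int live_blobs;	/* allocations not yet freed */

/* Constructed parser: an empty path fails with an encoded -ENOENT. */
struct blob *blob_parse(const char *path)
{
	struct blob *b = path[0] ? calloc(1, sizeof(*b)) : NULL;
	if (!b)
		return ERR_PTR(path[0] ? -ENOMEM : -ENOENT);
	live_blobs++;
	return b;
}

/* Ignores NULL and error pointers, so a shared label may call it blindly. */
void blob_free(struct blob *b)
{
	if (!b || IS_ERR(b))
		return;
	live_blobs--;
	free(b);
}

/* Same shape as the quoted load_btf(): two parses, one cleanup label. */
int load_pair(const char *base_path, const char *path, struct blob **out)
{
	struct blob *base = blob_parse(base_path), *b = NULL;
	int err;

	if (IS_ERR(base))
		goto out_err;	/* base keeps the encoded error */
	b = blob_parse(path);
	if (IS_ERR(b))
		goto out_err;	/* the valid base must still be freed */
	out[0] = base;
	out[1] = b;
	return 0;
out_err:
	err = IS_ERR(base) ? PTR_ERR(base) : PTR_ERR(b);
	blob_free(base);
	blob_free(b);
	return err;
}
```

Without the guard in `blob_free()`, the first failure case would hand an address in the top 4095 bytes of the address space to `free()`.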
