| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fb8c16dc-07ee-48bb-a370-0a4931dbba08@linux.dev>
Date: Fri, 5 Dec 2025 15:12:01 -0800
From: Ihor Solodrai <ihor.solodrai@...ux.dev>
To: bot+bpf-ci@...nel.org, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org, martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org,
akpm@...ux-foundation.org, nathan@...nel.org, nsc@...nel.org, tj@...nel.org,
void@...ifault.com, arighi@...dia.com, changwoo@...lia.com,
shuah@...nel.org, nick.desaulniers+lkml@...il.com, morbo@...gle.com,
justinstitt@...gle.com, alan.maguire@...cle.com, dolinux.peng@...il.com
Cc: bpf@...r.kernel.org, dwarves@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org,
martin.lau@...nel.org, clm@...a.com
Subject: Re: [PATCH bpf-next v3 2/6] resolve_btfids: Factor out load_btf()
On 12/5/25 2:57 PM, bot+bpf-ci@...nel.org wrote:
>> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
>> index 164f0c941f04..b4caae1170dd 100644
>> --- a/tools/bpf/resolve_btfids/main.c
>> +++ b/tools/bpf/resolve_btfids/main.c
>
> [ ... ]
>
>> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
>> return 0;
>> }
>>
>> -static int symbols_resolve(struct object *obj)
>> +static int load_btf(struct object *obj)
>> {
>> - int nr_typedefs = obj->nr_typedefs;
>> - int nr_structs = obj->nr_structs;
>> - int nr_unions = obj->nr_unions;
>> - int nr_funcs = obj->nr_funcs;
>> - struct btf *base_btf = NULL;
>> - int err, type_id;
>> - struct btf *btf;
>> - __u32 nr_types;
>> + struct btf *base_btf = NULL, *btf = NULL;
>> + int err;
>>
>> if (obj->base_btf_path) {
>> base_btf = btf__parse(obj->base_btf_path, NULL);
>> err = libbpf_get_error(base_btf);
>> if (err) {
>> pr_err("FAILED: load base BTF from %s: %s\n",
>> obj->base_btf_path, strerror(-err));
>> - return -1;
>> + goto out_err;
>> }
>> }
>>
>> btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
>> err = libbpf_get_error(btf);
>> if (err) {
>> pr_err("FAILED: load BTF from %s: %s\n",
>> obj->btf_path ?: obj->path, strerror(-err));
>> - goto out;
>> + goto out_err;
>> }
>>
>> + obj->base_btf = base_btf;
>> + obj->btf = btf;
>> +
>> + return 0;
>> +
>> +out_err:
>> + btf__free(base_btf);
>> + btf__free(btf);
>> + return err;
>
> Can btf__free() safely handle ERR_PTR values here?
>
> When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
> libbpf_get_error() extracts the error code, but base_btf still holds
> the ERR_PTR value. The error path then calls btf__free(base_btf)
> where base_btf is ERR_PTR rather than NULL or a valid pointer.
>
> The same issue occurs if btf__parse_split() fails on line 550, where
> btf contains ERR_PTR when btf__free(btf) is called.
>
> In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
> function would return -1 immediately without calling btf__free(),
> avoiding this issue. The new error handling with goto out_err changes
> this behavior.
That's a good observation. Interesting that AI noticed this only on
third try, probably due to changes in prompts.
btf__free() checks for error values [1], so this is not an issue.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/btf.c?h=v6.18#n968
>
>> +}
>> +
>> +static int symbols_resolve(struct object *obj)
>> +{
>> + int nr_typedefs = obj->nr_typedefs;
>> + int nr_structs = obj->nr_structs;
>> + int nr_unions = obj->nr_unions;
>> + int nr_funcs = obj->nr_funcs;
>> + struct btf *btf = obj->btf;
>> + int err, type_id;
>> + __u32 nr_types;
>> +
>> err = -1;
>> nr_types = btf__type_cnt(btf);
>
> [ ... ]
>
>
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
>
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/19978081551
Powered by blists - more mailing lists