| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bcbfcab2-1a2a-4301-8811-2ebe998d49d3@meta.com>
Date: Fri, 5 Dec 2025 18:18:14 -0500
From: Chris Mason <clm@...a.com>
To: Ihor Solodrai <ihor.solodrai@...ux.dev>, bot+bpf-ci@...nel.org,
ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, eddyz87@...il.com, song@...nel.org,
yonghong.song@...ux.dev, john.fastabend@...il.com, kpsingh@...nel.org,
sdf@...ichev.me, haoluo@...gle.com, jolsa@...nel.org,
akpm@...ux-foundation.org, nathan@...nel.org, nsc@...nel.org,
tj@...nel.org, void@...ifault.com, arighi@...dia.com,
changwoo@...lia.com, shuah@...nel.org, nick.desaulniers+lkml@...il.com,
morbo@...gle.com, justinstitt@...gle.com, alan.maguire@...cle.com,
dolinux.peng@...il.com
Cc: bpf@...r.kernel.org, dwarves@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kbuild@...r.kernel.org, martin.lau@...nel.org
Subject: Re: [PATCH bpf-next v3 2/6] resolve_btfids: Factor out load_btf()
On 12/5/25 6:12 PM, Ihor Solodrai wrote:
> On 12/5/25 2:57 PM, bot+bpf-ci@...nel.org wrote:
>>> diff --git a/tools/bpf/resolve_btfids/main.c b/tools/bpf/resolve_btfids/main.c
>>> index 164f0c941f04..b4caae1170dd 100644
>>> --- a/tools/bpf/resolve_btfids/main.c
>>> +++ b/tools/bpf/resolve_btfids/main.c
>>
>> [ ... ]
>>
>>> @@ -529,16 +532,10 @@ static int symbols_collect(struct object *obj)
>>> return 0;
>>> }
>>>
>>> -static int symbols_resolve(struct object *obj)
>>> +static int load_btf(struct object *obj)
>>> {
>>> - int nr_typedefs = obj->nr_typedefs;
>>> - int nr_structs = obj->nr_structs;
>>> - int nr_unions = obj->nr_unions;
>>> - int nr_funcs = obj->nr_funcs;
>>> - struct btf *base_btf = NULL;
>>> - int err, type_id;
>>> - struct btf *btf;
>>> - __u32 nr_types;
>>> + struct btf *base_btf = NULL, *btf = NULL;
>>> + int err;
>>>
>>> if (obj->base_btf_path) {
>>> base_btf = btf__parse(obj->base_btf_path, NULL);
>>> err = libbpf_get_error(base_btf);
>>> if (err) {
>>> pr_err("FAILED: load base BTF from %s: %s\n",
>>> obj->base_btf_path, strerror(-err));
>>> - return -1;
>>> + goto out_err;
>>> }
>>> }
>>>
>>> btf = btf__parse_split(obj->btf_path ?: obj->path, base_btf);
>>> err = libbpf_get_error(btf);
>>> if (err) {
>>> pr_err("FAILED: load BTF from %s: %s\n",
>>> obj->btf_path ?: obj->path, strerror(-err));
>>> - goto out;
>>> + goto out_err;
>>> }
>>>
>>> + obj->base_btf = base_btf;
>>> + obj->btf = btf;
>>> +
>>> + return 0;
>>> +
>>> +out_err:
>>> + btf__free(base_btf);
>>> + btf__free(btf);
>>> + return err;
>>
>> Can btf__free() safely handle ERR_PTR values here?
>>
>> When btf__parse() fails on line 541, it returns ERR_PTR(-err), and
>> libbpf_get_error() extracts the error code, but base_btf still holds
>> the ERR_PTR value. The error path then calls btf__free(base_btf)
>> where base_btf is ERR_PTR rather than NULL or a valid pointer.
>>
>> The same issue occurs if btf__parse_split() fails on line 550, where
>> btf contains ERR_PTR when btf__free(btf) is called.
>>
>> In the old code at symbols_resolve(), if base_btf was ERR_PTR, the
>> function would return -1 immediately without calling btf__free(),
>> avoiding this issue. The new error handling with goto out_err changes
>> this behavior.
>
> That's a good observation. Interesting that AI noticed this only on
> third try, probably due to changes in prompts.
>
> btf__free() checks for error values [1], so this is not an issue.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/btf.c?h=v6.18#n968
>
Hmm, it should have read btf__free() to answer this question on its own.
I'll check a look.
-chris
Powered by blists - more mailing lists