On Mon, Oct 7, 2024 at 9:46 AM I Hsin Cheng <richard120310@xxxxxxxxx> wrote:
>
> Fix integer overflow issue discovered by coverity scan, where
> "bpf_program_fd()" might return a value less than zero. Assignment of
> "prog_fd" to "kern_data" will result in integer overflow in that case.
Has this been a real issue other than coverity scan? If so, we will need
a Fix tag.
Also, some logistics. Please be clear which tree this patch targets,
and tag the patches with "[PATCH bpf]" or "[PATCH bpf-next]".
> Do a pre-check after the program fd is returned, if it's negative we
> should ignore this program and move on, or maybe add some error handling
> mechanism here.
>
> Signed-off-by: I Hsin Cheng <richard120310@xxxxxxxxx>
> ---
> tools/lib/bpf/libbpf.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index a3be6f8fac09..95fb5e48e79e 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -8458,6 +8458,9 @@ static void bpf_map_prepare_vdata(const struct bpf_map *map)
> continue;
>
> prog_fd = bpf_program__fd(prog);
> + if (prog_fd < 0)
> + continue;
> +
AFAICT, this only happens with non-NULL obj->gen_loader. So we can
achieve the same with something like:
diff --git i/tools/lib/bpf/libbpf.c w/tools/lib/bpf/libbpf.c
index 712b95e8891b..6756199a942f 100644
--- i/tools/lib/bpf/libbpf.c
+++ w/tools/lib/bpf/libbpf.c
@@ -8502,6 +8502,8 @@ static int bpf_object_prepare_struct_ops(struct
bpf_object *obj)
struct bpf_map *map;
int i;
+ if (obj->gen_loader)
+ return 0;
for (i = 0; i < obj->nr_maps; i++) {
map = &obj->maps[i];
Thanks,
Song
