On Mon, Oct 7, 2024 at 9:46 AM I Hsin Cheng <richard120310@xxxxxxxxx> wrote: > > Fix integer overflow issue discovered by coverity scan, where > "bpf_program_fd()" might return a value less than zero. Assignment of > "prog_fd" to "kern_data" will result in integer overflow in that case. Has this been a real issue other than coverity scan? If so, we will need a Fix tag. Also, some logistics. Please be clear which tree this patch targets, and tag the patches with "[PATCH bpf]" or "[PATCH bpf-next]". > Do a pre-check after the program fd is returned, if it's negative we > should ignore this program and move on, or maybe add some error handling > mechanism here. > > Signed-off-by: I Hsin Cheng <richard120310@xxxxxxxxx> > --- > tools/lib/bpf/libbpf.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > index a3be6f8fac09..95fb5e48e79e 100644 > --- a/tools/lib/bpf/libbpf.c > +++ b/tools/lib/bpf/libbpf.c > @@ -8458,6 +8458,9 @@ static void bpf_map_prepare_vdata(const struct bpf_map *map) > continue; > > prog_fd = bpf_program__fd(prog); > + if (prog_fd < 0) > + continue; > + AFAICT, this only happens with non-NULL obj->gen_loader. So we can achieve the same with something like: diff --git i/tools/lib/bpf/libbpf.c w/tools/lib/bpf/libbpf.c index 712b95e8891b..6756199a942f 100644 --- i/tools/lib/bpf/libbpf.c +++ w/tools/lib/bpf/libbpf.c @@ -8502,6 +8502,8 @@ static int bpf_object_prepare_struct_ops(struct bpf_object *obj) struct bpf_map *map; int i; + if (obj->gen_loader) + return 0; for (i = 0; i < obj->nr_maps; i++) { map = &obj->maps[i]; Thanks, Song