On 3/12/20 3:03 PM, Quentin Monnet wrote: > When compiling bpftool with clang 7, after the addition of its recent > "bpftool prog profile" feature, Michal reported a segfault. This > occurred while the build process was attempting to generate the > skeleton needed for the profiling program, with the following command: > > ./_bpftool gen skeleton skeleton/profiler.bpf.o > profiler.skel.h > > Tracing the error showed that bpf_object__init_user_btf_maps() does no > verification on obj->btf before passing it to btf__get_nr_types(), where > btf is dereferenced. Libbpf considers BTF information should be here > because of the presence of a ".maps" section in the object file (hence > the check on "obj->efile.btf_maps_shndx < 0" fails and we do not exit > from the function early), but it was unable to load BTF info as there is > no .BTF section. > > Add a null pointer check and error out if the pointer is null. The final > bpftool executable still fails to build, but at least we have a proper > error and no more segfault. > > Fixes: abd29c931459 ("libbpf: allow specifying map definitions using BTF") > Cc: Andrii Nakryiko <andriin@xxxxxx> > Reported-by: Michal Rostecki <mrostecki@xxxxxxxxxxxx> > Signed-off-by: Quentin Monnet <quentin@xxxxxxxxxxxxx> > --- > tools/lib/bpf/libbpf.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > index 223be01dc466..19c0c40e8a80 100644 > --- a/tools/lib/bpf/libbpf.c > +++ b/tools/lib/bpf/libbpf.c > @@ -2140,6 +2140,10 @@ static int bpf_object__init_user_btf_maps(struct bpf_object *obj, bool strict, > return -EINVAL; > } > > + if (!obj->btf) { > + pr_warn("failed to retrieve BTF for map"); > + return -EINVAL; > + } > nr_types = btf__get_nr_types(obj->btf); > for (i = 1; i <= nr_types; i++) { > t = btf__type_by_id(obj->btf, i); > Tested-by: Michal Rostecki <mrostecki@xxxxxxxxxxxx> Thanks!
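Review bot: The string passed to pr_warn() in the added `if (!obj->btf)` block has no terminating "\n", so the warning can run together with whatever is logged next; end it with a newline. The text "failed to retrieve BTF for map" also hides the cause the commit message identifies: the object has a ".maps" section (so the `obj->efile.btf_maps_shndx < 0` early exit is not taken) but no .BTF section was loaded. Naming that condition in the message, for example `pr_warn("BTF is required for .maps section, but no .BTF was loaded\n");`, would tell the user what to fix in their build, which matters here because the commit message notes that the bpftool build still fails after this change and the warning is then the only diagnostic. The check itself is in the right place, ahead of the first dereference in btf__get_nr_types(obj->btf); a blank line after its closing brace would match the spacing of the block above it.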