2020-03-12 16:37 UTC+0100 ~ Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> On 3/12/20 3:03 PM, Quentin Monnet wrote:
>> When compiling bpftool with clang 7, after the addition of its recent
>> "bpftool prog profile" feature, Michal reported a segfault. This
>> occurred while the build process was attempting to generate the
>> skeleton needed for the profiling program, with the following command:
>>
>> ./_bpftool gen skeleton skeleton/profiler.bpf.o > profiler.skel.h
>>
>> Tracing the error showed that bpf_object__init_user_btf_maps() does no
>> verification on obj->btf before passing it to btf__get_nr_types(), where
>> btf is dereferenced. Libbpf considers BTF information should be here
>> because of the presence of a ".maps" section in the object file (hence
>> the check on "obj->efile.btf_maps_shndx < 0" fails and we do not exit
>> from the function early), but it was unable to load BTF info as there is
>> no .BTF section.
>>
>> Add a null pointer check and error out if the pointer is null. The final
>> bpftool executable still fails to build, but at least we have a proper
>> error and no more segfault.
>>
>> Fixes: abd29c931459 ("libbpf: allow specifying map definitions using
>> BTF")
>> Cc: Andrii Nakryiko <andriin@xxxxxx>
>> Reported-by: Michal Rostecki <mrostecki@xxxxxxxxxxxx>
>> Signed-off-by: Quentin Monnet <quentin@xxxxxxxxxxxxx>
>
> Applied to bpf-next, thanks! Note ...
>
>> ---
>> tools/lib/bpf/libbpf.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
>> index 223be01dc466..19c0c40e8a80 100644
>> --- a/tools/lib/bpf/libbpf.c
>> +++ b/tools/lib/bpf/libbpf.c
>> @@ -2140,6 +2140,10 @@ static int
>> bpf_object__init_user_btf_maps(struct bpf_object *obj, bool strict,
>> return -EINVAL;
>> }
>> + if (!obj->btf) {
>> + pr_warn("failed to retrieve BTF for map");
>
> I've added a '\n' here
Sorry about that, thank you Daniel!
Quentin
