There are currently 6 BPF programs in syscall_tp_kern but the array to hold the corresponding bpf_links in syscall_tp_user only has space for 4 programs, given the array size is hardcoded. This causes the sample program to fail due to an out-of-bound access that corrupts other stack variables: # ./syscall_tp prog #0: map ids 4 5 verify map:4 val: 5 map_lookup failed: Bad file descriptor This patch series aims to solve this issue for now and for the future. It first adds the -fsanitize=bounds flag to make similar bugs more obvious at runtime. It then refactors syscall_tp_user to retrieve the number of programs from the bpf_object and dynamically allocate the array of bpf_links to avoid inconsistencies from hardcoding. Jinghao Jia (3): samples/bpf: Add -fsanitize=bounds to userspace programs samples/bpf: syscall_tp_user: Rename num_progs into nr_tests samples/bpf: syscall_tp_user: Fix array out-of-bound access samples/bpf/Makefile | 1 + samples/bpf/syscall_tp_user.c | 44 ++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 14 deletions(-) -- 2.41.0
