There are currently 6 BPF programs in syscall_tp_kern but the array to hold the corresponding bpf_links in syscall_tp_user only has space for 4 programs, given the array size is hardcoded. This causes the sample program to fail due to an out-of-bound access that corrupts other stack variables: # ./syscall_tp prog #0: map ids 4 5 verify map:4 val: 5 map_lookup failed: Bad file descriptor This patch series aims to solve this issue for now and for the future. It first adds the -fsanitize=bounds flag to make similar bugs more obvious at runtime. It then refactors syscall_tp_user to retrieve the number of programs from the bpf_object and dynamically allocate the array of bpf_links to avoid inconsistencies from hardcoding. Changelog: --- v1 -> v2 v1: https://lore.kernel.org/all/20230818164643.97782-1-jinghao@xxxxxxxxxxxxx/ * Address feedback from Daniel * Add missing NULL check for calloc return value. * Remove the extra operation that sets links pointer to NULL after free. Jinghao Jia (3): samples/bpf: Add -fsanitize=bounds to userspace programs samples/bpf: syscall_tp_user: Rename num_progs into nr_tests samples/bpf: syscall_tp_user: Fix array out-of-bound access samples/bpf/Makefile | 1 + samples/bpf/syscall_tp_user.c | 45 ++++++++++++++++++++++++----------- 2 files changed, 32 insertions(+), 14 deletions(-) -- 2.42.0
