From: Björn Töpel <[email protected]>
BPF tests that load /proc/kallsyms, e.g. bpf_cookie, will perform a
buffer overrun if the number of syms on the system is larger than
MAX_SYMS.
Bump the MAX_SYMS to 400000, and add a runtime check that bails out if
the maximum is reached.
Signed-off-by: Björn Töpel <[email protected]>
---
tools/testing/selftests/bpf/trace_helpers.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
index 9b070cdf44ac..f83d9f65c65b 100644
--- a/tools/testing/selftests/bpf/trace_helpers.c
+++ b/tools/testing/selftests/bpf/trace_helpers.c
@@ -18,7 +18,7 @@
#define TRACEFS_PIPE "/sys/kernel/tracing/trace_pipe"
#define DEBUGFS_PIPE "/sys/kernel/debug/tracing/trace_pipe"
-#define MAX_SYMS 300000
+#define MAX_SYMS 400000
static struct ksym syms[MAX_SYMS];
static int sym_cnt;
@@ -46,6 +46,9 @@ int load_kallsyms_refresh(void)
break;
if (!addr)
continue;
+ if (i >= MAX_SYMS)
+ return -EFBIG;
+
syms[i].addr = (long) addr;
syms[i].name = strdup(func);
i++;
base-commit: fd283ab196a867f8f65f36913e0fadd031fcb823
--
2.39.2
On 07/06, Björn Töpel wrote:
> From: Björn Töpel <[email protected]>
>
> BPF tests that load /proc/kallsyms, e.g. bpf_cookie, will perform a
> buffer overrun if the number of syms on the system is larger than
> MAX_SYMS.
>
> Bump the MAX_SYMS to 400000, and add a runtime check that bails out if
> the maximum is reached.
>
> Signed-off-by: Björn Töpel <[email protected]>
Acked-by: Stanislav Fomichev <[email protected]>
OTOH, should be easy to convert this to malloc/realloc? That should fix
it once and for all and avoid future need to bump the limit?
> ---
> tools/testing/selftests/bpf/trace_helpers.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
> index 9b070cdf44ac..f83d9f65c65b 100644
> --- a/tools/testing/selftests/bpf/trace_helpers.c
> +++ b/tools/testing/selftests/bpf/trace_helpers.c
> @@ -18,7 +18,7 @@
> #define TRACEFS_PIPE "/sys/kernel/tracing/trace_pipe"
> #define DEBUGFS_PIPE "/sys/kernel/debug/tracing/trace_pipe"
>
> -#define MAX_SYMS 300000
> +#define MAX_SYMS 400000
> static struct ksym syms[MAX_SYMS];
> static int sym_cnt;
>
> @@ -46,6 +46,9 @@ int load_kallsyms_refresh(void)
> break;
> if (!addr)
> continue;
> + if (i >= MAX_SYMS)
> + return -EFBIG;
> +
> syms[i].addr = (long) addr;
> syms[i].name = strdup(func);
> i++;
>
> base-commit: fd283ab196a867f8f65f36913e0fadd031fcb823
> --
> 2.39.2
>
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <[email protected]>:
On Thu, 6 Jul 2023 16:22:28 +0200 you wrote:
> From: Björn Töpel <[email protected]>
>
> BPF tests that load /proc/kallsyms, e.g. bpf_cookie, will perform a
> buffer overrun if the number of syms on the system is larger than
> MAX_SYMS.
>
> Bump the MAX_SYMS to 400000, and add a runtime check that bails out if
> the maximum is reached.
>
> [...]
Here is the summary with links:
- [bpf-next] selftests/bpf: Bump and validate MAX_SYMS
https://git.kernel.org/bpf/bpf-next/c/e76a014334a6
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html