search

iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Apache License 2.0
20.36k stars 3.86k forks source link

inject.py: fix BPF verification fails due to register offset #5008

Closed ethercflow closed 3 months ago

ethercflow commented 4 months ago

run ./inject.py kmalloc -v '__x64_sys_mount() gets the error: "math between map_value pointer and register with unbounded min value is not allowed", as the array len is 2:

struct pid_struct {
        u64 curr_call; /* book keeping to handle recursion */
        u64 conds_met; /* stack pointer */
        u64 stack[2];
};

but in __x64_sys_mount_exit

/*
 * Generate exit logic */

if (p->conds_met < 1 || p->conds_met >= 3)
        return 0;

if (p->stack[p->conds_met - 1] == p->curr_call)
        p->conds_met--;

The check for the upper bound of the array is 3.

ethercflow commented 4 months ago

@chenhengqi @yonghong-song PTAL, thanks!