Re: [PATCH bpf-next] selftests/bpf: Bump and validate MAX_SYMS
From: Stanislav Fomichev
Date: Thu Jul 06 2023 - 13:46:33 EST
On 07/06, Björn Töpel wrote:
> From: Björn Töpel <bjorn@xxxxxxxxxxxx>
>
> BPF tests that load /proc/kallsyms, e.g. bpf_cookie, will perform a
> buffer overrun if the number of syms on the system is larger than
> MAX_SYMS.
>
> Bump the MAX_SYMS to 400000, and add a runtime check that bails out if
> the maximum is reached.
>
> Signed-off-by: Björn Töpel <bjorn@xxxxxxxxxxxx>
Acked-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
OTOH, should be easy to convert this to malloc/realloc? That should fix
it once and for all and avoid future need to bump the limit?
> ---
> tools/testing/selftests/bpf/trace_helpers.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/trace_helpers.c b/tools/testing/selftests/bpf/trace_helpers.c
> index 9b070cdf44ac..f83d9f65c65b 100644
> --- a/tools/testing/selftests/bpf/trace_helpers.c
> +++ b/tools/testing/selftests/bpf/trace_helpers.c
> @@ -18,7 +18,7 @@
> #define TRACEFS_PIPE "/sys/kernel/tracing/trace_pipe"
> #define DEBUGFS_PIPE "/sys/kernel/debug/tracing/trace_pipe"
>
> -#define MAX_SYMS 300000
> +#define MAX_SYMS 400000
> static struct ksym syms[MAX_SYMS];
> static int sym_cnt;
>
> @@ -46,6 +46,9 @@ int load_kallsyms_refresh(void)
> break;
> if (!addr)
> continue;
> + if (i >= MAX_SYMS)
> + return -EFBIG;
> +
> syms[i].addr = (long) addr;
> syms[i].name = strdup(func);
> i++;
>
> base-commit: fd283ab196a867f8f65f36913e0fadd031fcb823
> --
> 2.39.2
>