Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)

From: Josh Poimboeuf
Date: Wed Oct 09 2024 - 20:33:42 EST


On Wed, Oct 09, 2024 at 10:41:42PM +0200, Jiri Olsa wrote:
> > AFAICS we'd need to do roughly:
> > - for each tracepoint we'd need to interpret one of the functions
> > where the TP_fast_assign macro gets unwound:
> > perf_trace_##call
> > trace_custom_event_raw_event_##call
> > trace_event_raw_event_##call
> > - we can't tell at this point which argument is kernel object,
> > so we'd need to check all arguments (assuming we can get their count)
> > - store argument info (if it has null check) into some elf tables and
> > use those later in bpf verifier
> > - it's all arch specific
> >
> > on first look it seems hard and fragile (given it's arch specific)
> > but I might be easily wrong with above.. do you have an idea on how
> > this could work?
>
> Hi Josh,
> we'd like to have information on which of tracepoint's arguments can be NULL
>
> Steven had an idea that objtool could help with that by doing something like
> what's described above.. would you have any thoughts on that?

Objtool doesn't know anything about function arguments; I'm not sure how
this could be done unless I'm missing something.

--
Josh