Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)
From: Jiri Olsa
Date: Thu Oct 10 2024 - 05:05:16 EST
On Wed, Oct 09, 2024 at 08:17:27PM -0700, Josh Poimboeuf wrote:
> On Wed, Oct 09, 2024 at 08:57:50PM -0400, Steven Rostedt wrote:
> > On Wed, 9 Oct 2024 20:56:47 -0400
> > Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> >
> > > I was thinking if something like objtool (could be something else that can
> > > read the executable code) that knows where functions are. It could just
> > > see if anything tests rdi, rsi, rdx, rcx, r8 or r9 (or their 32 bit
> > > alternatives) for NULL before using or setting it.
> > >
> > > If it does, then we know that one of the arguments could possibly be NULL.
> >
> > Oh, and it only needs to look at functions that are named:
> >
> > trace_event_raw_event_*()
>
> Unfortunately it's not that simple, the args could be moved around to
> other registers. And objtool doesn't have an emulator.
>
> Also it's not clear how that would deal with >6 args, or IS_ERR() as
> Jirka pointed out upthread.
Another complication might be that the code in a tracepoint's fast assign
can potentially call a global function (?), which could do the argument NULL
check, and we won't have its code at objtool invocation time.
jirka
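The register-test heuristic discussed in this thread, as an added prototype that is not objtool and not code from any of the posters, run over constructed objdump-style output: it flags trace_event_raw_event_* functions that test an argument register (or its 32-bit alias) against itself, follows plain mov copies so the moved-register case is tracked one step further than the original proposal, and can only count calls to other functions, whose bodies are not in the listing (Jirka's point). The function names, byte encodings and the helper symbol in SAMPLE are constructed, not taken from a real kernel build.

```python
import re

ARG_REGS = ["%rdi", "%rsi", "%rdx", "%rcx", "%r8", "%r9"]  # SysV x86-64 arg order
ALIAS = {"%edi": "%rdi", "%esi": "%rsi", "%edx": "%rdx",   # 32-bit views of the same regs
         "%ecx": "%rcx", "%r8d": "%r8", "%r9d": "%r9"}
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+(\w+)\s*(.*)$")
OP_SPLIT = re.compile(r",(?![^(]*\))")  # split operands, but not inside 0x8(%rdi,%rax,1)
# Constructed objdump-style listing (not from a real kernel build): a check on a
# 32-bit alias, checks after register moves, and a check delegated to a callee
# whose code is not part of the listing.
SAMPLE = """\
0000000000001000 <trace_event_raw_event_a>:
    1000:  85 f6     test   %esi,%esi
    1002:  c3        ret
0000000000001010 <trace_event_raw_event_b>:
    1010:  48 89 fb  mov    %rdi,%rbx
    1013:  48 89 d7  mov    %rdx,%rdi
    1016:  48 85 db  test   %rbx,%rbx
    1019:  48 85 ff  test   %rdi,%rdi
    101c:  c3        ret
0000000000001020 <trace_event_raw_event_c>:
    1020:  e8 0b 00 00 00  call   1030 <helper>
    1025:  c3        ret
"""

def null_checked_args(disasm, prefix="trace_event_raw_event_"):
    """Per <prefix>* function: (args tested against zero, calls whose body is not visible)."""
    report, func, holds = {}, None, {}
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            func = m.group(1) if m.group(1).startswith(prefix) else None
            if func:
                holds = dict(zip(ARG_REGS, range(6)))  # register -> argument index it holds
                report[func] = [set(), 0]
            continue
        m = INSN_RE.match(line)
        if not (m and func):
            continue
        mn, ops = m.group(1), [ALIAS.get(o, o) for o in map(str.strip, OP_SPLIT.split(m.group(2))) if o]
        if mn == "test" and len(ops) == 2 and ops[0] == ops[1] and ops[0] in holds:
            report[func][0].add(holds[ops[0]])     # test %reg,%reg: a NULL check on that arg
        elif mn == "call":
            report[func][1] += 1                    # callee may do the check; we can't see it
        elif len(ops) == 2 and ops[1].startswith("%"):
            if mn == "mov" and ops[0] in holds:
                holds[ops[1]] = holds[ops[0]]       # argument copied to another register
            else:
                holds.pop(ops[1], None)             # register overwritten with something else
    return {f: (sorted(c), n) for f, (c, n) in report.items()}
```

For trace_event_raw_event_b the scan reports arguments 0 and 2, not 0 twice, because %rdi was reloaded from %rdx before the second test; trace_event_raw_event_c reports no checked arguments and one opaque call.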