Re: [PATCH bpf-next v3] bpf: Clamp trace length in __bpf_get_stack to fix OOB write

Next message: Yue Haibing: "[PATCH net-next] vxlan: Remove unused declarations eth_vni_hash() and fdb_head_index()"
Previous message: Abel Vesa: "Re: [PATCH v2] clk: imx: imx95-blk-ctl: Fix clock leak in error paths"
In reply to: Lecomte, Arnaud: "Re: [PATCH bpf-next v3] bpf: Clamp trace length in __bpf_get_stack to fix OOB write"
Next in thread: Brahmajit Das: "Re: [PATCH bpf-next v3] bpf: Clamp trace length in __bpf_get_stack to fix OOB write"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Brahmajit Das

Date: Wed Nov 12 2025 - 03:59:01 EST

On 12.11.2025 08:40, 'Lecomte, Arnaud' via syzkaller-bugs wrote:
> I am a not sure this is the right solution and I am scared that by
> forcing this clamping, we are hiding something else.
> If we have a look at the code below:
> ```
>
> |
>
> if (trace_in) {
> trace = trace_in;
> trace->nr = min_t(u32, trace->nr, max_depth);
> } else if (kernel && task) {
> trace = get_callchain_entry_for_task(task, max_depth);
> } else {
> trace = get_perf_callchain(regs, kernel, user, max_depth,
> crosstask, false, 0);
> } ``` trace should be (if I remember correctly) clamped there. If not, it
> might hide something else. I would like to have a look at the return for
> each if case through gdb. |

Sure, I can do that.

>
> Thanks,
> Arnaud

--
Regards,
listout