From 8b036cd652e230b03f76132fab41afcf0655ded2 Mon Sep 17 00:00:00 2001 From: Alon Zivony <87267148+AlonZivony@users.noreply.github.com> Date: Mon, 4 Sep 2023 14:18:22 +0300 Subject: [PATCH] Fix(capture): fix verifier issue with elf capture (#3433) Force the verifier to use the right registers for read, avoiding verifier errors about reading of possible negative value with bpf_probe_read. --- pkg/ebpf/c/common/filesystem.h | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/pkg/ebpf/c/common/filesystem.h b/pkg/ebpf/c/common/filesystem.h index e1d8a5c028da..3bf5688a0756 100644 --- a/pkg/ebpf/c/common/filesystem.h +++ b/pkg/ebpf/c/common/filesystem.h @@ -453,18 +453,22 @@ statfunc void fill_file_header(u8 header[FILE_MAGIC_HDR_SIZE], io_data_t io_data { u32 len = (u32) io_data.len; if (io_data.is_buf) { - if (len < FILE_MAGIC_HDR_SIZE) - bpf_probe_read(header, len & FILE_MAGIC_MASK, io_data.ptr); - else - bpf_probe_read(header, FILE_MAGIC_HDR_SIZE, io_data.ptr); + // inline bounds check to force compiler to use the register of len + asm volatile("if %[size] < %[max_size] goto +1;\n" + "%[size] = %[max_size];\n" + : + : [size] "r"(len), [max_size] "i"(FILE_MAGIC_HDR_SIZE)); + bpf_probe_read(header, len, io_data.ptr); } else { struct iovec io_vec; __builtin_memset(&io_vec, 0, sizeof(io_vec)); bpf_probe_read(&io_vec, sizeof(struct iovec), io_data.ptr); - if (len < FILE_MAGIC_HDR_SIZE) - bpf_probe_read(header, len & FILE_MAGIC_MASK, io_vec.iov_base); - else - bpf_probe_read(header, FILE_MAGIC_HDR_SIZE, io_vec.iov_base); + // inline bounds check to force compiler to use the register of len + asm volatile("if %[size] < %[max_size] goto +1;\n" + "%[size] = %[max_size];\n" + : + : [size] "r"(len), [max_size] "i"(FILE_MAGIC_HDR_SIZE)); + bpf_probe_read(header, len, io_vec.iov_base); } }