fix a segfault caused by passing a non-null buffer to bpf_prog_load #59
During error handling bcc will attempt to write the message to the
provided buffer. It checks for a provided buffer either by checking the
log_buf_size parameter or by checking log_buf to see if it's non-null.
Because of the inconsistent checks on bcc's side and the specific
parameters that rust-bcc passes, this is only a problem when the call to
bpf_prog_load returns certain errors.
The flow that causes the segfault looks like this: rust-bcc sets log_level=0, log_size=0
as the initial parameters. bcc will issue the syscall, but upon failure will reissue
the bcc_prog_load_xattr with log_level set to 1. At this point, the same error will be
produced and output to a new, temporary buffer (since the provided
log_size is 0). Following this, it will attempt to log to the user-provided
buffer as log_level is now > 0, checking to see if the provided buffer
is non-null. As rust-bcc provided a non-null ptr, bcc attempts to write
to a zero-size buffer, which causes a SIGSEGV.
Relevant links:
Checks for log_buf_size:
https://github.com/iovisor/bcc/blob/d147588ebe35b7cd2b4d253a7da18bef253ea78d/src/cc/libbpf.c#L519
Checks for log_buf:
https://github.com/iovisor/bcc/blob/d147588ebe35b7cd2b4d253a7da18bef253ea78d/src/cc/libbpf.c#L641
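An added example, not code from rust-bcc or bcc, of the caller-side invariant the description above implies: the (log_buf, log_buf_size) pair handed across the FFI boundary is always either (null, 0) or a real allocation with its true length, so a callee that checks only one of the two can never be handed a non-null pointer to a zero-size buffer. `mock_prog_load` is a hypothetical stand-in for the C loader, and its error text is constructed.

```rust
// Added example (not rust-bcc/bcc code): keep (log_buf, log_buf_size) consistent
// across the FFI boundary so a callee checking only one of them never writes into
// a zero-length buffer, which is the mismatch the PR describes.
use std::ffi::c_char;

/// Caller-side log buffer: either absent (null, 0) or real storage (ptr, len).
pub enum LogBuf {
    None,
    Owned(Vec<u8>),
}

impl LogBuf {
    pub fn with_capacity(n: usize) -> LogBuf {
        if n == 0 { LogBuf::None } else { LogBuf::Owned(vec![0u8; n]) }
    }
    /// The invariant: a non-null pointer is always paired with a non-zero size.
    pub fn as_raw(&mut self) -> (*mut c_char, u32) {
        match self {
            LogBuf::None => (std::ptr::null_mut(), 0),
            LogBuf::Owned(v) => (v.as_mut_ptr() as *mut c_char, v.len() as u32),
        }
    }
    /// Text written by the callee, up to the first NUL.
    pub fn message(&self) -> String {
        let v = match self { LogBuf::None => return String::new(), LogBuf::Owned(v) => v };
        let end = v.iter().position(|&b| b == 0).unwrap_or(v.len());
        String::from_utf8_lossy(&v[..end]).into_owned()
    }
}

/// Hypothetical stand-in for the C loader: like the bcc path in the PR it writes the
/// error text whenever log_buf is non-null; the assert marks where real code overruns.
pub unsafe fn mock_prog_load(log_buf: *mut c_char, log_buf_size: u32) -> i32 {
    const MSG: &[u8] = b"constructed verifier error: R1 invalid mem access";
    if !log_buf.is_null() {
        assert!(log_buf_size > 0, "non-null log_buf with zero size");
        let n = MSG.len().min(log_buf_size as usize - 1);
        unsafe { std::ptr::copy_nonoverlapping(MSG.as_ptr(), log_buf as *mut u8, n) };
        unsafe { *log_buf.add(n) = 0 };
    }
    -1 // models a failed bpf_prog_load
}

/// Safe wrapper: the pointer/size pair is derived from one owned buffer, so the
/// segfault path (non-null pointer, zero size) cannot be constructed by a caller.
pub fn load_with_log(buf: &mut LogBuf) -> (i32, String) {
    let (ptr, len) = buf.as_raw();
    let rc = unsafe { mock_prog_load(ptr, len) };
    (rc, buf.message())
}
```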