[bpf,0/3] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug

Message

Jinghao Jia Aug. 18, 2023, 4:46 p.m. UTC

There are currently 6 BPF programs in syscall_tp_kern but the array to
hold the corresponding bpf_links in syscall_tp_user only has space for 4
programs, given the array size is hardcoded. This causes the sample
program to fail due to an out-of-bound access that corrupts other stack
variables:

  # ./syscall_tp
  prog #0: map ids 4 5
  verify map:4 val: 5
  map_lookup failed: Bad file descriptor

This patch series aims to solve this issue for now and for the future.
It first adds the -fsanitize=bounds flag to make similar bugs more
obvious at runtime. It then refactors syscall_tp_user to retrieve the
number of programs from the bpf_object and dynamically allocate the
array of bpf_links to avoid inconsistencies from hardcoding.

Jinghao Jia (3):
  samples/bpf: Add -fsanitize=bounds to userspace programs
  samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
  samples/bpf: syscall_tp_user: Fix array out-of-bound access

 samples/bpf/Makefile          |  1 +
 samples/bpf/syscall_tp_user.c | 44 ++++++++++++++++++++++++-----------
 2 files changed, 31 insertions(+), 14 deletions(-)