bcc icon indicating copy to clipboard operation
bcc copied to clipboard
verified publisher icon iovisor

inject.py: fix BPF verification fails due to register offset

Open ethercflow opened this issue 1 year ago • 1 comments

run ./inject.py kmalloc -v '__x64_sys_mount() gets the error: "math between map_value pointer and register with unbounded min value is not allowed", as the array len is 2:

struct pid_struct {
        u64 curr_call; /* book keeping to handle recursion */
        u64 conds_met; /* stack pointer */
        u64 stack[2];
};

but in __x64_sys_mount_exit

/*
 * Generate exit logic */

if (p->conds_met < 1 || p->conds_met >= 3)
        return 0;

if (p->stack[p->conds_met - 1] == p->curr_call)
        p->conds_met--;

The check for the upper bound of the array is 3.

ethercflow avatar May 20 '24 11:05 ethercflow

@chenhengqi @yonghong-song PTAL, thanks!

ethercflow avatar May 20 '24 11:05 ethercflow