Smatch: potential NULL pointer dereference in prog_dump()
Commit b053b439b72a ("bpf: libbpf: bpftool: Print bpf_line_info
during prog dump") from Dec 7, 2018 (linux-next) leads to the
following Smatch static checker warning:
./tools/bpf/bpftool/prog.c:827 prog_dump()
error: we previously assumed 'ksyms' could be null (see line 793)
tools/bpf/bpftool/prog.c
775 if (info->nr_jited_func_lens && info->jited_func_lens) {
776 struct kernel_sym *sym = NULL;
777 struct bpf_func_info *record;
778 char sym_name[SYM_MAX_NAME];
779 unsigned char *img = buf;
780 __u64 *ksyms = NULL;
781 __u32 *lens;
782 __u32 i;
783 if (info->nr_jited_ksyms) {
784 kernel_syms_load(&dd);
785 ksyms = u64_to_ptr(info->jited_ksyms);
786 }
ksyms is NULL on else path
787
788 if (json_output)
789 jsonw_start_array(json_wtr);
790
791 lens = u64_to_ptr(info->jited_func_lens);
792 for (i = 0; i < info->nr_jited_func_lens; i++) {
793 if (ksyms) {
794 sym = kernel_syms_search(&dd, ksyms[i]);
795 if (sym)
796 sprintf(sym_name, "%s", sym->name);
797 else
798 sprintf(sym_name, "0x%016llx", ksyms[i]);
799 } else {
800 strcpy(sym_name, "unknown");
801 }
802
803 if (func_info) {
804 record = func_info + i * info->func_info_rec_size;
805 btf_dumper_type_only(btf, record->type_id,
806 func_sig,
807 sizeof(func_sig));
808 }
809
810 if (json_output) {
811 jsonw_start_object(json_wtr);
812 if (func_info && func_sig[0] != '\0') {
813 jsonw_name(json_wtr, "proto");
814 jsonw_string(json_wtr, func_sig);
815 }
816 jsonw_name(json_wtr, "name");
817 jsonw_string(json_wtr, sym_name);
818 jsonw_name(json_wtr, "insns");
819 } else {
820 if (func_info && func_sig[0] != '\0')
821 printf("%s:\n", func_sig);
822 printf("%s:\n", sym_name);
823 }
824
825 if (disasm_print_insn(img, lens[i], opcodes,
826 name, disasm_opt, btf,
--> 827 prog_linfo, ksyms[i], i,
^^^^^^^^
Dereferenced
828 linum))
829 goto exit_free;
830
831 img += lens[i];
832
833 if (json_output)
834 jsonw_end_object(json_wtr);
835 else
836 printf("\n");
837 }
838
839 if (json_output)
840 jsonw_end_array(json_wtr);
841 } else {
842 if (disasm_print_insn(buf, member_len, opcodes, name,
843 disasm_opt, btf, NULL, 0, 0,
844 false))
845 goto exit_free;
846 }
https://lore.kernel.org/bpf/[email protected]/