[Bug bpf/23875] New: 'stack smashing error' on foreach iteration

[Bug bpf/23875] New: 'stack smashing error' on foreach iteration

cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23875

            Bug ID: 23875
           Summary: 'stack smashing error' on foreach iteration
           Product: systemtap
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: bpf
          Assignee: systemtap at sourceware dot org
          Reporter: me at serhei dot io
  Target Milestone: ---

global t

probe kernel.function("vfs_read") {
  t["key"] = 6
  exit()
}

probe end {
  c = 0
  foreach (k in t)
    c++
  printf("%d\n", c)
}

Pass 1: parsed user script and 49 library scripts using
120048virt/21872res/8376shr/13356data kb, in 0usr/0sys/7real ms.
Pass 2: analyzed script: 2 probes, 2 functions, 0 embeds, 1 global using
175628virt/78164res/9264shr/68936data kb, in 590usr/20sys/602real ms.
Pass 4: compiled BPF into "stap_12352.bo" in 0usr/0sys/3real ms.
Pass 5: starting run.
1
*** stack smashing detected ***: <unknown> terminated
WARNING: /opt/systemtap/bin/stapbpf exited with signal: 6 (Aborted)
Pass 5: run completed in 0usr/0sys/113real ms.
Pass 5: run failed.  [man error::pass5]

--
You are receiving this mail because:
You are the assignee for the bug.

[Bug bpf/23875] support string map keys in foreach iteration

cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23875

Serhei Makarov <me at serhei dot io> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|'stack smashing error' on   |support string map keys in
                   |foreach iteration           |foreach iteration

--- Comment #1 from Serhei Makarov <me at serhei dot io> ---
The foreach loop functionality needs to be extended to support iteration of
string keys.

Current code assumes keys are int64_t, which is what causes the 'stack
smashing' error (attempt to copy 64-byte string into 8-byte stack variable).
There are other problems e.g. potential to infinite-loop, segfault and so
forth.

Wrote testcases to cover the known issues and (for the time being) added commit
0eaf4f196 to cleanly reject foreach loops with string keys in the translator.
Keeping the PR open to track work on foreach string key support.


[Bug bpf/23875] support string map keys in foreach iteration

cbiesinger at google dot com
In reply to this post by cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23875

--- Comment #2 from Serhei Makarov <me at serhei dot io> ---
Have some code for this, but there are regressions I need to fix. The parts
that needed to be changed so far:

- in bpf-translate.cxx, visit_foreach_loop() needs to create correctly sized
stack slots for string keys
- in bpfinterp.cxx, create a separate map_str_keys vector and use the
appropriate vectors depending on type. Some unavoidable code duplication as the
string handling code is similar but not quite the same as the code for ints.

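The size mismatch described in comment #1 (a 64-byte string key copied into an 8-byte int64_t stack variable) and the per-type key vectors mentioned in comment #2, as an added C++ sketch that is not systemtap's own code. RawMap, make_map, copy_key, collect_keys and STR_KEY_SIZE are hypothetical names, and the sample keys are constructed; the point is that every key copy is checked against the destination size, and an unknown key layout is refused.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Assumption for this sketch: string keys use a fixed 64-byte slot, as in the report.
constexpr size_t STR_KEY_SIZE = 64;

// Constructed stand-in for a map whose keys are fixed-size byte records.
struct RawMap {
  size_t key_size;  // 8 for int64_t keys, 64 for string keys
  std::vector<std::vector<uint8_t>> keys;
};

// Sample-data helper: one-key map built from raw bytes, zero-padded to key_size.
RawMap make_map(size_t key_size, const void *data, size_t len) {
  RawMap m{key_size, {}};
  m.keys.push_back(std::vector<uint8_t>(key_size, 0));
  std::memcpy(m.keys[0].data(), data, len < key_size ? len : key_size);
  return m;
}

// Copy key i into dst only if dst can hold a whole key; never truncate or overrun.
bool copy_key(const RawMap &m, size_t i, void *dst, size_t dst_size) {
  if (i >= m.keys.size() || m.key_size > dst_size ||
      m.keys[i].size() < m.key_size) return false;
  std::memcpy(dst, m.keys[i].data(), m.key_size);
  return true;
}

// Collect keys into the vector that matches the map's key type.
bool collect_keys(const RawMap &m, std::vector<int64_t> &ints,
                  std::vector<std::string> &strs) {
  for (size_t i = 0; i < m.keys.size(); i++) {
    if (m.key_size == sizeof(int64_t)) {
      int64_t k;
      if (!copy_key(m, i, &k, sizeof k)) return false;
      ints.push_back(k);
    } else if (m.key_size == STR_KEY_SIZE) {
      char buf[STR_KEY_SIZE];
      if (!copy_key(m, i, buf, sizeof buf)) return false;
      const void *nul = std::memchr(buf, 0, sizeof buf);  // key may lack a NUL
      size_t n = nul ? static_cast<const char *>(nul) - buf : sizeof buf;
      strs.emplace_back(buf, n);
    } else {
      return false;  // unknown key layout: refuse rather than guess a size
    }
  }
  return true;
}
```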

[Bug bpf/23875] support string map keys in foreach iteration

cbiesinger at google dot com
In reply to this post by cbiesinger at google dot com
https://sourceware.org/bugzilla/show_bug.cgi?id=23875

Serhei Makarov <me at serhei dot io> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Serhei Makarov <me at serhei dot io> ---
Should be fixed in commit ceed4889, apart from issues to be fixed in PR23858.
