| Summary: | False positive for null key passed to bpf_map_get_next_key syscall. | ||
|---|---|---|---|
| Product: | [Developer tools] valgrind | Reporter: | Ryan Mack <rmack> |
| Component: | memcheck | Assignee: | Paul Floyd <pjfloyd> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | pjfloyd |
| Priority: | NOR | ||
| Version First Reported In: | 3.22.0 | ||
| Target Milestone: | --- | ||
| Platform: | Ubuntu | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | Self contained reproduction case. | ||
Thanks. Bpf needs some attention. Do you have a small reproducer for this case?

Created attachment 176031
Self contained reproduction case.

Thanks for the quick reply. I'll test the patch and testcase this weekend.

Thanks for the patch!

commit 75ca7437c97a703b7a729d8694743ddde3762713 (HEAD -> master, origin/master, origin/HEAD)
Author: Ryan Mack <rmack@uptycs.com>
Date: Sat Nov 23 18:02:21 2024 +0100

Bug 496571 - False positive for null key passed to bpf_map_get_next_key syscall.

No regtest added because BPF requires privileges.
See the bugzilla item for example usage.

The BPF function bpf_map_get_next_key takes a null key parameter to get the first key in a map. Valgrind should not warn of an invalid pointer in this case. Locally tested fix: diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index 177712117..9be77992c 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -12993,7 +12993,10 @@ PRE(sys_bpf) } /* Get size of key for this map. */ if (bpf_map_get_sizes(attr->map_fd, &key_size, &value_size)) { - PRE_MEM_READ("bpf(attr->key)", attr->key, key_size); + /* Key is null when getting first entry in map. */ + if (attr->key) { + PRE_MEM_READ("bpf(attr->key)", attr->key, key_size); + } PRE_MEM_WRITE("bpf(attr->next_key)", attr->next_key, key_size); } }
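
Review bot: The new `if (attr->key)` guard in PRE(sys_bpf) skips the read check on the key entirely, but the visible context does not show which bpf commands reach this branch. If anything other than BPF_MAP_GET_NEXT_KEY shares it, a null key would now pass unchecked for commands where it is not valid, so it is worth confirming the enclosing case label or tying the guard to the command explicitly. The added comment could also say that a null key is the way to request the first key for this command, so the exemption is not read as a general one. `PRE_MEM_WRITE("bpf(attr->next_key)", attr->next_key, key_size);` stays unconditional, which is consistent with the description, since next_key is still written in the null-key case. The commit message states that no regtest was added because BPF requires privileges, so the attached reproduction case is the only coverage for this path.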