[DTrace-devel] [PATCH] bpf: use correct loop bound for conf->cpus traversal in cpuinfo map creation
Nick Alcock
nick.alcock at oracle.com
Fri Mar 1 20:45:35 UTC 2024
We were using the wrong bound, causing a buffer overrun on machines with
fewer online CPUs than possible CPUs.
(Add an assertion to verify that there are never more online CPUs
than possible CPUs.)
Orabug: 36356681
Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
libdtrace/dt_bpf.c | 5 ++++-
libdtrace/dt_conf.c | 2 ++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/libdtrace/dt_bpf.c b/libdtrace/dt_bpf.c
index 69e41ba7194e9..2ceb9f7ac61cd 100644
--- a/libdtrace/dt_bpf.c
+++ b/libdtrace/dt_bpf.c
@@ -613,10 +613,13 @@ gmap_create_cpuinfo(dtrace_hdl_t *dtp)
int i, rc;
uint32_t key = 0;
dtrace_conf_t *conf = &dtp->dt_conf;
- size_t ncpus = conf->max_cpuid + 1;
+ size_t ncpus = conf->num_online_cpus;
dt_bpf_cpuinfo_t *data;
cpuinfo_t *ci;
+ /*
+ * num_possible_cpus <= num_online_cpus: see dt_conf_init.
+ */
data = dt_calloc(dtp, dtp->dt_conf.num_possible_cpus,
sizeof(dt_bpf_cpuinfo_t));
if (data == NULL)
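Review bot: the new comment above the dt_calloc() call states the invariant backwards. It reads "num_possible_cpus <= num_online_cpus", but a buffer of num_possible_cpus entries is only large enough for a loop bounded by num_online_cpus when num_online_cpus <= num_possible_cpus, which is what the assertion added in dt_conf_init checks (`conf->num_possible_cpus >= conf->num_online_cpus`). Suggest changing the comment to "num_online_cpus <= num_possible_cpus: see dt_conf_init." so it agrees with the assert and with the commit message.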
diff --git a/libdtrace/dt_conf.c b/libdtrace/dt_conf.c
index b1fb46a4ca33d..dff75d77fe35b 100644
--- a/libdtrace/dt_conf.c
+++ b/libdtrace/dt_conf.c
@@ -98,6 +98,8 @@ dt_conf_init(dtrace_hdl_t *dtp)
if (conf->num_online_cpus == 0 || conf->cpus == NULL)
return;
+ assert(conf->num_possible_cpus >= conf->num_online_cpus);
+
conf->max_cpuid = conf->cpus[conf->num_online_cpus - 1].cpu_id;
/* Retrieve the chip ID (physical_package_id) for each CPU. */
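Review bot: the assert() placed before the max_cpuid assignment is the only enforcement of the bound that gmap_create_cpuinfo now depends on for its num_possible_cpus-sized allocation, and assert() compiles to nothing when NDEBUG is defined. If any build of libdtrace defines NDEBUG, the overrun described in the commit message would be unguarded again should the invariant ever fail. Consider pairing the assert with an explicit runtime check at this point (for example, bailing out the same way the `conf->num_online_cpus == 0 || conf->cpus == NULL` test just above does), or document that assertions are always enabled in this code.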
--
2.43.0.272.gce700b77fd