Hi,

I'm getting an "invalid indirect read from stack" when trying to run the
following bcc script:

paul$ cat tmp.py
from bcc import BPF
bpf_text = """
#include <uapi/linux/ptrace.h>
#include <net/sock.h>
#include <bcc/proto.h>

BPF_HASH(currsock, u32, struct sock **);

int trace_entry(struct pt_regs *ctx, struct sock *sk) {
    u32 zero = 0;
    struct sock **skp = &sk;
    currsock.update(&zero, &skp);
    return 0;
};
"""
b = BPF(text=bpf_text)
b.load_func("trace_entry", BPF.KPROBE)

paul$ sudo python tmp.py
bpf: Failed to load program: Permission denied
0: (79) r1 = *(u64 *)(r1 +112)
1: (7b) *(u64 *)(r10 -8) = r1
2: (b7) r1 = 0
3: (63) *(u32 *)(r10 -12) = r1
4: (bf) r1 = r10
5: (07) r1 += -8
6: (7b) *(u64 *)(r10 -24) = r1
7: (18) r1 = 0xffff8801ed41b300
9: (bf) r2 = r10
10: (07) r2 += -12
11: (bf) r3 = r10
12: (07) r3 += -24
13: (b7) r4 = 0
14: (85) call 2
invalid indirect read from stack off -24+0 size 8

As far as I can see, that program is valid; the stack offset r10-24 was
initialized on line 6 with the value read from context on line 1. Is this
an error on the verifier's side or am I missing something?

I found the issue on a 4.4 kernel and can reproduce with a 4.16.

Thanks,

Paul
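
Added example, not part of the original post and not kernel code: a toy Python model of how the verifier types stack slots, run over the instruction dump above. It assumes the behaviour of `check_stack_boundary()` in kernels of that era: memory handed to a helper must consist of plain data bytes (STACK_MISC), and storing a pointer-typed register marks the slot as a spill (STACK_SPILL) instead.

```python
import re
# Instruction dump copied from the verifier log in the post above.
LOG = """\
0: (79) r1 = *(u64 *)(r1 +112)
1: (7b) *(u64 *)(r10 -8) = r1
2: (b7) r1 = 0
3: (63) *(u32 *)(r10 -12) = r1
4: (bf) r1 = r10
5: (07) r1 += -8
6: (7b) *(u64 *)(r10 -24) = r1
7: (18) r1 = 0xffff8801ed41b300
9: (bf) r2 = r10
10: (07) r2 += -12
11: (bf) r3 = r10
12: (07) r3 += -24
13: (b7) r4 = 0
14: (85) call 2
"""
SIZE = {"u8": 1, "u16": 2, "u32": 4, "u64": 8}
STORE = re.compile(r"\*\((u\d+) \*\)\((r\d+) ([+-]\d+)\) = (r\d+)$")
SCALAR = re.compile(r"(r\d+) = (?:\*\(|0x[0-9a-f]+$|-?\d+$)")  # loads and immediates
MOV = re.compile(r"(r\d+) = (r\d+)$")
ADD = re.compile(r"(r\d+) \+= (-?\d+)$")

def check(log, key_size=4, value_size=8):
    """Toy model of stack-slot typing; returns the verifier-style error or None."""
    regs = {"r1": ("ctx", 0), "r10": ("fp", 0)}  # reg -> (type, offset from frame pointer)
    stack = {}                                    # stack byte offset -> "MISC" or "SPILL"
    for line in log.splitlines():
        insn = line.split(") ", 1)[1]
        if m := STORE.match(insn):
            size, base, off, src = m.groups()
            start = regs[base][1] + int(off)
            kind = "SPILL" if regs[src][0] in ("fp", "ctx") else "MISC"  # pointer => spill
            stack.update({start + i: kind for i in range(SIZE[size])})
        elif m := SCALAR.match(insn):
            regs[m.group(1)] = ("scalar", 0)      # simplification: map address not tracked
        elif m := MOV.match(insn):
            regs[m.group(1)] = regs[m.group(2)]
        elif m := ADD.match(insn):
            kind, off = regs[m.group(1)]
            regs[m.group(1)] = (kind, off + int(m.group(2)))
        elif insn == "call 2":                    # bpf_map_update_elem(map, key, value, flags)
            for reg, size in (("r2", key_size), ("r3", value_size)):
                off = regs[reg][1]
                for i in range(size):
                    if stack.get(off + i) != "MISC":
                        return f"invalid indirect read from stack off {off}+{i} size {size}"
    return None
```

`check(LOG)` returns the same message as the log above, because instruction 6 stores a stack pointer at r10-24. The constructed variant `check(LOG.replace("r3 += -24", "r3 += -8"))`, which passes the slot holding the value read from context, returns `None`.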
