Fix ksym buffer overflow on i386

Commit 78074c5 ("info: expose more prog jited info"), which made its way into v0.17.0, resulted in random runc CI failures on i386 (see [1]). In some cases it manifested in a panic or SIGSEGV, and in others we saw a slightly broken JSON, in which the first 4 bytes of a key were replaced with 0xff byte. Changing uintptr (which is 32 bit) back to uint64 fixes the issue for runc. It changes the public API but I see no way around it (and the uintptr cast of uint64 which was there before does not look correct either). Alas, I don't have a good reproducer, nor a unit test. For a rather complicated one, see [1]. [1]: opencontainers/runc#4594 Signed-off-by: Kir Kolyshkin <[email protected]>
cilium · Jan 31, 2025 · 3cfde93 · 3cfde93
1 parent 9f20115
commit 3cfde93
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/info.go b/info.go
@@ -185,7 +185,7 @@ type programJitedInfo struct {
 	// subprograms.
 	//
 	// Available from 4.18.
-	ksyms    []uintptr
+	ksyms    []uint64
 	numKsyms uint32
 
 	// insns holds the JITed machine native instructions of the program,
@@ -344,7 +344,7 @@ func newProgramInfoFromFd(fd *sys.FD) (*ProgramInfo, error) {
 
 	if info.NrJitedKsyms > 0 {
 		pi.jitedInfo.numKsyms = info.NrJitedKsyms
-		pi.jitedInfo.ksyms = make([]uintptr, info.NrJitedKsyms)
+		pi.jitedInfo.ksyms = make([]uint64, info.NrJitedKsyms)
 		info2.JitedKsyms = sys.NewSlicePointer(pi.jitedInfo.ksyms)
 		info2.NrJitedKsyms = info.NrJitedKsyms
 		makeSecondCall = true
@@ -630,7 +630,7 @@ func (pi *ProgramInfo) VerifiedInstructions() (uint32, bool) {
 // programs without subprograms (bpf2bpf calls).
 //
 // The bool return value indicates whether this optional field is available.
-func (pi *ProgramInfo) JitedKsymAddrs() ([]uintptr, bool) {
+func (pi *ProgramInfo) JitedKsymAddrs() ([]uint64, bool) {
 	return pi.jitedInfo.ksyms, len(pi.jitedInfo.ksyms) > 0
 }