Re: [PATCH bpf-next 4/6] bpftool: Support 24-bit vlen

[sashiko-bot@kernel.org]

Sashiko AI review found 1 potential issue(s):
- [Medium] Infinite loop in bpftool when dumping BTF enum types with 65536 or more members.
--

commit 0557506c731dab5c8d22900a9797fac53be5f625
Author: Alan Maguire <alan.maguire@oracle.com>

bpftool: Support 24-bit vlen

This commit updates bpftool to handle the new 24-bit BTF vlen by changing
variables and loop counters from 16-bit to 32-bit integers across various
BTF dumping functions.

> diff --git a/tools/bpf/bpftool/btf.c b/tools/bpf/bpftool/btf.c
> index 2e899e9400341..6ef908adf3a4a 100644
> --- a/tools/bpf/bpftool/btf.c
> +++ b/tools/bpf/bpftool/btf.c
[ ... ]
> @@ -225,9 +224,8 @@ static int dump_btf_type(const struct btf *btf, __u32 id,
>  	}
>  	case BTF_KIND_ENUM: {
>  		const struct btf_enum *v = (const void *)(t + 1);
> -		__u16 vlen = BTF_INFO_VLEN(t->info);
> +		__u32 i, vlen = BTF_INFO_VLEN(t->info);
>  		const char *encoding;
> -		int i;

Are there missing updates to btf_dumper_enum() and btf_dumper_enum64() in
tools/bpf/bpftool/btf_dumper.c?

In btf_dumper_enum(), the loop counter i is still declared as a 16-bit
integer:

static int btf_dumper_enum(const struct btf_dumper *d,
			    const struct btf_type *t,
			    const void *data)
{
	const struct btf_enum *enums = btf_enum(t);
	__s64 value;
	__u16 i;
	...
	for (i = 0; i < btf_vlen(t); i++) {
		if (value == enums[i].val) {
	...

If a BTF enum type has 65536 or more members, btf_vlen(t) will return a value
greater than or equal to 65536. The __u16 i counter will overflow to 0 upon
reaching 65536, meaning i < btf_vlen(t) will always remain true.

If the dumped variable's value does not match any of the first 65536 enum
members, will the function loop infinitely instead of falling back to
jsonw_int()?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260414195019.684531-1-alan.maguire@oracle.com?part=4