Re: [RFC 1/4] objtool/klp: add --symvers option to klp diff

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [Medium] NULL pointer dereference and crash when the implicitly generated `--no-symvers` option is passed.
- [Medium] The fallback file resolution logic incorrectly concatenates absolute paths to the kernel root directory, resulting in malformed paths and unintended file resolution.
- [Low] Misleading error diagnostics for custom path failures.
--

commit ad4674adedd0ef34b67a931273e6e044219ae8b0
Author: Joe Lawrence <joe.lawrence@redhat.com>

objtool/klp: add --symvers option to klp diff

This commit adds a --symvers (-s) option to klp diff that allows specifying
a custom path to Module.symvers. The change aims to support out-of-tree
module patching by decoupling the tool from the default Module.symvers
location while preserving the existing fallback detection logic.

> diff --git a/tools/objtool/klp-diff.c b/tools/objtool/klp-diff.c
> --- a/tools/objtool/klp-diff.c
> +++ b/tools/objtool/klp-diff.c
[ ... ]
> @@ -46,6 +47,7 @@ static const struct option klp_diff_options[] = {
>  	OPT_BOOLEAN('d', "debug", &debug, "enable all debug output"),
>  	OPT_BOOLEAN(0, "debug-correlate", &debug_correlate, "enable correlation debug output"),
>  	OPT_BOOLEAN(0, "debug-clone", &debug_clone, "enable cloning debug output"),
> +	OPT_STRING('s', "symvers", &symvers_path, "path", "path to Module.symvers (default: Module.symvers)"),

Could this cause a NULL pointer dereference if a user passes --no-symvers?

Since OPT_STRING doesn't include the PARSE_OPT_NONEG flag, the option
parsing machinery will automatically accept --no-symvers and set
symvers_path to NULL. Later in read_exports(), this would result in calling
fopen(NULL, "r").

>  	OPT_END(),
>  };
[ ... ]
> @@ -85,16 +87,15 @@ static char *escape_str(const char *orig)
>  
>  static int read_exports(void)
>  {
> -	const char *symvers = "Module.symvers";
>  	char line[1024], *path = NULL;
>  	unsigned int line_num = 1;
>  	FILE *file;
>  
> -	file = fopen(symvers, "r");
> +	file = fopen(symvers_path, "r");
>  	if (!file) {
> -		path = top_level_dir(symvers);
> +		path = top_level_dir(symvers_path);

What happens here if the user supplies an absolute path like
/build/out-of-tree/Module.symvers that fails the initial fopen()?

It looks like top_level_dir() will unconditionally append the absolute path
to the kernel root directory, resulting in a malformed path like
/path/to/linux//build/out-of-tree/Module.symvers. Is it intentional to
apply the top-level directory fallback to absolute paths?

>  		if (!path) {
> -			ERROR("can't open '%s', \"objtool diff\" should be run from the kernel tree", symvers);
> +			ERROR("can't open '%s', \"objtool diff\" should be run from the kernel tree", symvers_path);

Since the goal of this patch is to enable out-of-tree module patching, does
this error message still make sense when a custom path is provided?

It might be confusing to tell users they must run from the kernel tree when
they explicitly passed an out-of-tree --symvers path.

Additionally, if the fallback fopen() fails later on, the code calls
ERROR_GLIBC("fopen") which prints "fopen: No such file or directory" without
indicating which path failed. Would it be helpful to include the actual file
path in these error diagnostics?

[ ... ]

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260512221102.2720763-1-joe.lawrence@redhat.com?part=1