From 78b49c13e994621679591c334a5e6274a59b76f5 Mon Sep 17 00:00:00 2001
From: vdasu
Date: Sat, 2 May 2026 19:40:13 -0400
Subject: [PATCH] Fix ringbuf leaks

---
 examples/c/bootstrap.bpf.c | 6 ++++++
 examples/c/profile.bpf.c | 11 +++++++++++
 examples/c/sockfilter.bpf.c | 4 ++++
 3 files changed, 21 insertions(+)

diff --git a/examples/c/bootstrap.bpf.c b/examples/c/bootstrap.bpf.c
index 2963bdab..82886d84 100644
--- a/examples/c/bootstrap.bpf.c
+++ b/examples/c/bootstrap.bpf.c
@@ -45,6 +45,9 @@ int handle_exec(struct trace_event_raw_sched_process_exec *ctx)
 if (!e)
 return 0;

+ /* zero out buffer to avoid leaking prior record bytes */
+ __builtin_memset(e, 0, sizeof(*e));
+
 /* fill out the sample with data */
 task = (struct task_struct *)bpf_get_current_task();

@@ -95,6 +98,9 @@ int handle_exit(struct trace_event_raw_sched_process_template *ctx)
 if (!e)
 return 0;

+ /* zero out buffer to avoid leaking prior record bytes */
+ __builtin_memset(e, 0, sizeof(*e));
+
 /* fill out the sample with data */
 task = (struct task_struct *)bpf_get_current_task();

diff --git a/examples/c/profile.bpf.c b/examples/c/profile.bpf.c
index bdcc029f..abde1de9 100644
--- a/examples/c/profile.bpf.c
+++ b/examples/c/profile.bpf.c
@@ -14,6 +14,13 @@ struct {
 __uint(max_entries, 256 * 1024);
 } events SEC(".maps");

+/* zero out buffer (manual byte loop, struct is too big for inline memset) */
+static __noinline void zero_buf(void *p, __u64 sz)
+{
+ for (__u64 i = 0; i < sz; i++)
+ *(volatile char *)((char *)p + i) = 0;
+}
+
 SEC("perf_event")
 int profile(void *ctx)
 {
@@ -26,6 +33,10 @@ int profile(void *ctx)
 if (!event)
 return 1;

+ /* zero out buffer to avoid leaking prior record bytes (kstack/ustack
+ * tail past *_sz is only partially written by bpf_get_stack) */
+ zero_buf(event, sizeof(*event));
+
 event->pid = pid;
 event->cpu_id = cpu_id;

diff --git a/examples/c/sockfilter.bpf.c b/examples/c/sockfilter.bpf.c
index 0f2f82dc..0a68335e 100644
--- a/examples/c/sockfilter.bpf.c
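Review bot: The comment added above `__builtin_memset(e, 0, sizeof(*e));` in handle_exec (bootstrap.bpf.c), and its identical copy in handle_exit, does not say why a freshly reserved record can hold old data or which bytes the handler leaves unwritten, which the profile and sockfilter comments in this same patch do. Something like `/* ringbuf memory is reused and not cleared on reserve; zero the record so fields this handler never writes, and any padding, do not reach user space */` would keep the intent clear through later edits. Which fields each handler skips cannot be confirmed here, since both function bodies continue outside the hunks.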
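Review bot: zero_buf in profile.bpf.c clears the record one byte at a time through a volatile store, so every perf sample pays one store per byte of the event struct before any data is written. If the struct size is a multiple of 8 (not visible in this hunk), storing 64-bit words instead, `*(volatile __u64 *)((char *)p + i) = 0;` with the loop stepping `i += 8`, cuts the iteration count eightfold and shortens what the verifier has to walk. The comment should also state that the volatile cast is presumably there to keep the compiler from turning the loop back into a memset call; as written that reason has to be guessed.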
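Review bot: The comment on the `zero_buf(event, sizeof(*event));` call in profile() says the kstack/ustack tail past *_sz is only partially written by bpf_get_stack, but to my knowledge the kernel helper zero-fills the unused remainder of the buffer it is given (and the whole buffer on error), so that tail would not carry stale bytes. If that holds for the kernels this example targets, the full-record clear protects only fields and padding that profile() itself never writes, and the comment should say so, e.g. `/* zero the record: ringbuf memory is reused, and any field or padding not written below would otherwise reach user space */`. This is worth confirming against the helper's implementation before keeping a per-sample clear of the whole struct. The rest of profile() is outside the hunk.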
+++ b/examples/c/sockfilter.bpf.c
@@ -49,6 +49,10 @@ int socket_handler(struct __sk_buff *skb)
 if (!e)
 return 0;

+ /* zero out buffer to avoid leaking prior record bytes (the GRE
+ * branch below skips writing src_addr/dst_addr) */
+ __builtin_memset(e, 0, sizeof(*e));
+
 bpf_skb_load_bytes(skb, nhoff + offsetof(struct iphdr, protocol), &e->ip_proto, 1);

 if (e->ip_proto != IPPROTO_GRE) {
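Review bot: The `bpf_skb_load_bytes(...)` call right after the new memset in socket_handler ignores its return value, so with the record now zeroed a failed load leaves `e->ip_proto` at 0 and the record apparently still goes on to be submitted, indistinguishable from a genuine protocol-0 reading. Checking the result and dropping the reservation closes that gap: `if (bpf_skb_load_bytes(skb, nhoff + offsetof(struct iphdr, protocol), &e->ip_proto, 1) < 0) { bpf_ringbuf_discard(e, 0); return 0; }`. The memset itself is well placed, directly after the NULL check and before the first write. The rest of socket_handler, including the submit, is outside the hunk.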