bpftool: Fix control flow graph segfault during edge creation

If the last instruction of a control flow graph building block is a BPF_CALL, an incorrect edge with e->dst set to NULL is created and results in a segfault during graph output. Ensure that BPF_CALL as last instruction of a building block is handled correctly and only generates a single edge unlike actual BPF_JUMP* instructions. Signed-off-by: Christoph Werle <christoph.werle@longjmp.de> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Tested-by: Quentin Monnet <qmo@kernel.org> Reviewed-by: Quentin Monnet <qmo@kernel.org> Link: https://lore.kernel.org/bpf/20250108220937.1470029-1-christoph.werle@longjmp.de
author: Christoph Werle <christoph.werle@longjmp.de> 2025-01-08 23:09:37 +0100
committer: Andrii Nakryiko <andrii@kernel.org> 2025-01-10 14:16:13 -0800
commit: defac894af93cb347fae0520fe8f14ca36f6fe87 (patch)
tree: 9f98091dfacbc596023eb1504557623a647a3852 /tools/bpf
parent: a43796b5201270b258b7a418c41816ec03393ce5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/tools/bpf/bpftool/cfg.c b/tools/bpf/bpftool/cfg.c
index eec437cca2ea..e3785f9a697d 100644
--- a/tools/bpf/bpftool/cfg.c
+++ b/tools/bpf/bpftool/cfg.c
@@ -302,6 +302,7 @@ static bool func_add_bb_edges(struct func_node *func)
 
 		insn = bb->tail;
 		if (!is_jmp_insn(insn->code) ||
+		    BPF_OP(insn->code) == BPF_CALL ||
 		    BPF_OP(insn->code) == BPF_EXIT) {
 			e->dst = bb_next(bb);
 			e->flags |= EDGE_FLAG_FALLTHROUGH;
author	Christoph Werle <christoph.werle@longjmp.de>	2025-01-08 23:09:37 +0100
committer	Andrii Nakryiko <andrii@kernel.org>	2025-01-10 14:16:13 -0800
commit	defac894af93cb347fae0520fe8f14ca36f6fe87 (patch)
tree	9f98091dfacbc596023eb1504557623a647a3852 /tools/bpf
parent	a43796b5201270b258b7a418c41816ec03393ce5 (diff)