| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzbnWM9BfQwjQtgwjx+OXBEkejxs2czz3DQbeoCAXPj11g@mail.gmail.com>
Date: Wed, 18 May 2022 16:39:58 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Eugene Syromiatnikov <esyr@...hat.com>
Cc: Jiri Olsa <jolsa@...nel.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>,
Shuah Khan <shuah@...nel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH bpf-next v3 3/4] bpf_trace: handle compat in copy_user_syms
On Tue, May 17, 2022 at 12:36 AM Eugene Syromiatnikov <esyr@...hat.com> wrote:
>
> For compat processes, userspace size for syms pointers is different.
> Provide compat handling for copying array elements from the user space.
>
> Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link")
> Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
> ---
> kernel/trace/bpf_trace.c | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index a93a54f..9d3028a 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -2253,6 +2253,24 @@ struct user_syms {
> char *buf;
> };
>
> +static inline int get_arr_ptr(unsigned long *p,
> + unsigned long __user *uaddr, u32 idx)
no need for inline, let compiler decide on inlining
> +{
> + if (unlikely(in_compat_syscall())) {
not sure unlikely() is justified for code...
> + compat_uptr_t __user *compat_uaddr = (compat_uptr_t __user *)uaddr;
> + compat_uptr_t val;
> + int err;
> +
> + err = __get_user(val, compat_uaddr + idx);
> + if (!err)
> + *p = val;
> +
> + return err;
> + } else {
> + return __get_user(*p, uaddr + idx);
> + }
> +}
> +
> static int copy_user_syms(struct user_syms *us, unsigned long __user *usyms, u32 cnt)
> {
> unsigned long __user usymbol;
> @@ -2270,7 +2288,7 @@ static int copy_user_syms(struct user_syms *us, unsigned long __user *usyms, u32
> goto error;
>
> for (p = buf, i = 0; i < cnt; i++) {
> - if (__get_user(usymbol, usyms + i)) {
> + if (get_arr_ptr(&usymbol, usyms, i)) {
> err = -EFAULT;
> goto error;
> }
> --
> 2.1.4
>
Powered by blists - more mailing lists