| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Aug 2022 17:15:50 -0700
From: Hao Luo <haoluo@...gle.com>
To: Jiri Olsa <olsajiri@...il.com>
Cc: linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
KP Singh <kpsingh@...nel.org>,
John Fastabend <john.fastabend@...il.com>,
Stanislav Fomichev <sdf@...gle.com>
Subject: Re: [PATCH bpf-next v1] bpf, iter: clean up bpf_seq_read().
On Tue, Aug 2, 2022 at 4:14 AM Jiri Olsa <olsajiri@...il.com> wrote:
>
> On Mon, Aug 01, 2022 at 01:50:39PM -0700, Hao Luo wrote:
>
> SNIP
>
> > +static int do_seq_show(struct seq_file *seq, void *p, size_t offs)
> > +{
> > + int err;
> > +
> > + WARN_ON(IS_ERR_OR_NULL(p));
> > +
> > + err = seq->op->show(seq, p);
> > + if (err > 0) {
> > + /* object is skipped, decrease seq_num, so next
> > + * valid object can reuse the same seq_num.
> > + */
> > + bpf_iter_dec_seq_num(seq);
> > + seq->count = offs;
> > + return err;
> > + }
> > +
> > + if (err < 0 || seq_has_overflowed(seq)) {
> > + seq->count = offs;
> > + return err ? err : -E2BIG;
> > + }
> > +
> > + /* err == 0 and no overflow */
> > + return 0;
> > +}
> > +
> > +/* do_seq_stop, stops at the given object 'p'. 'p' could be an ERR or NULL. If
> > + * 'p' is an ERR or there was an overflow, reset seq->count to 'offs' and
> > + * returns error. Returns 0 otherwise.
> > + */
> > +static int do_seq_stop(struct seq_file *seq, void *p, size_t offs)
> > +{
> > + if (IS_ERR(p)) {
> > + seq->op->stop(seq, NULL);
> > + seq->count = offs;
>
> should we set seq->count to 0 in case of error?
>
Thanks Jiri. To be honest, I don't know. There are two paths that may
lead to an error "p".
First, seq->op->start() could return ERR, in that case, '"offs'" is
zero and we set it to zero already. This is fine.
The other one, seq->op->next() could return ERR. This is a case where
bpf_seq_read() fails to handle right now, so I am not sure what to do.
Based on my understanding reading the code, if seq->count isn't
zeroed, the current read() will not copy data, but the next read()
will copy data (see the "if (seq->count)" at the beginning of
bpf_seq_read). If seq->count is zeroed, the data in buffer will be
discarded. I don't know what is right.
> jirka
>
> > + return PTR_ERR(p);
> > + }
> > +
> > + seq->op->stop(seq, p);
> > + if (!p) {
> > + if (!seq_has_overflowed(seq)) {
> > + bpf_iter_done_stop(seq);
> > + } else {
> > + seq->count = offs;
> > + if (offs == 0)
> > + return -E2BIG;
> > + }
> > + }
> > + return 0;
> > +}
> > +
> > /* maximum visited objects before bailing out */
> > #define MAX_ITER_OBJECTS 1000000
> >
>
> SNIP
Powered by blists - more mailing lists