lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zv7sISV0yEyGlEM3@krava>
Date: Thu, 3 Oct 2024 21:10:25 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: tyrone-wu <wudevelops@...il.com>
Cc: olsajiri@...il.com, andrii.nakryiko@...il.com, andrii@...nel.org,
	ast@...nel.org, bpf@...r.kernel.org, daniel@...earbox.net,
	eddyz87@...il.com, haoluo@...gle.com, john.fastabend@...il.com,
	kernel-patches-bot@...com, kpsingh@...nel.org, laoar.shao@...il.com,
	linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
	martin.lau@...ux.dev, mykolal@...com, sdf@...ichev.me,
	shuah@...nel.org, song@...nel.org, yonghong.song@...ux.dev
Subject: Re: [PATCH bpf v2] bpf: fix unpopulated name_len field in perf_event
 link info

On Wed, Oct 02, 2024 at 09:38:39PM +0000, tyrone-wu wrote:
> Previously when retrieving `bpf_link_info.perf_event` for
> kprobe/uprobe/tracepoint, the `name_len` field was not populated by the
> kernel, leaving it to reflect the value initially set by the user. This
> behavior was inconsistent with how other input/output string buffer
> fields function (e.g. `raw_tracepoint.tp_name_len`).
> 
> This patch fills `name_len` with the actual size of the string name. The
>  relevant selftests have also been updated to assert that `name_len`
> contains the correct size rather than 0.
> 
> Link: https://lore.kernel.org/bpf/CABVU1kXwQXhqQGe0RTrr7eegtM6SVW_KayZBy16-yb0Snztmtg@mail.gmail.com/
> Fixes: 1b715e1b0ec5 ("bpf: Support ->fill_link_info for perf_event")
> Signed-off-by: tyrone-wu <wudevelops@...il.com>
> ---
> V1 -> V2:
> Link: https://lore.kernel.org/bpf/Zv0wl-S13WJnIkb_@krava/
> - Use user set *ulen in bpf_copy_to_user before overwriting *ulen
> 
>  kernel/bpf/syscall.c                          | 29 +++++++++++++------
>  .../selftests/bpf/prog_tests/fill_link_info.c |  6 ++--
>  2 files changed, 23 insertions(+), 12 deletions(-)
> 
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index a8f1808a1ca5..26cc18693924 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -3565,27 +3565,31 @@ static void bpf_perf_link_dealloc(struct bpf_link *link)
>  }
>  
>  static int bpf_perf_link_fill_common(const struct perf_event *event,
> -				     char __user *uname, u32 ulen,
> +				     char __user *uname, u32 *ulen,
>  				     u64 *probe_offset, u64 *probe_addr,
>  				     u32 *fd_type, unsigned long *missed)
>  {
>  	const char *buf;
>  	u32 prog_id;
> -	size_t len;
> +	size_t len, name_len;

>  	int err;
>  
> -	if (!ulen ^ !uname)
> +	if (!(*ulen) ^ !uname)
>  		return -EINVAL;
>  
>  	err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf,
>  				      probe_offset, probe_addr, missed);
>  	if (err)
>  		return err;
> +
> +	name_len = *ulen;
> +	len = strlen(buf);
> +	*ulen = len + 1;
>  	if (!uname)
>  		return 0;
> +
>  	if (buf) {
> -		len = strlen(buf);
> -		err = bpf_copy_to_user(uname, buf, ulen, len);
> +		err = bpf_copy_to_user(uname, buf, name_len, len);
>  		if (err)
>  			return err;
>  	} else {

small nit.. up to you but I'd suggest bit different naming like below,
otherwise looks good

Acked-by: Jiri Olsa <jolsa@...nel.org>

thanks,
jirka


---
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index a8f1808a1ca5..b637e9dced5a 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3565,26 +3565,28 @@ static void bpf_perf_link_dealloc(struct bpf_link *link)
 }
 
 static int bpf_perf_link_fill_common(const struct perf_event *event,
-				     char __user *uname, u32 ulen,
+				     char __user *uname, u32 *ulenp,
 				     u64 *probe_offset, u64 *probe_addr,
 				     u32 *fd_type, unsigned long *missed)
 {
 	const char *buf;
-	u32 prog_id;
+	u32 prog_id, ulen;
 	size_t len;
 	int err;
 
-	if (!ulen ^ !uname)
+	if (!(*ulenp) ^ !uname)
 		return -EINVAL;
 
 	err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf,
 				      probe_offset, probe_addr, missed);
 	if (err)
 		return err;
+	ulen = *ulenp;
+	len = strlen(buf);
+	*ulenp = len + 1;
 	if (!uname)
 		return 0;
 	if (buf) {
-		len = strlen(buf);
 		err = bpf_copy_to_user(uname, buf, ulen, len);
 		if (err)
 			return err;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ