| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zv_PP6Gs5cq3W2Ey@krava>
Date: Fri, 4 Oct 2024 13:19:27 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: tyrone-wu <wudevelops@...il.com>
Cc: olsajiri@...il.com, andrii.nakryiko@...il.com, andrii@...nel.org,
ast@...nel.org, bpf@...r.kernel.org, daniel@...earbox.net,
eddyz87@...il.com, haoluo@...gle.com, john.fastabend@...il.com,
kernel-patches-bot@...com, kpsingh@...nel.org, laoar.shao@...il.com,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
martin.lau@...ux.dev, mykolal@...com, sdf@...ichev.me,
shuah@...nel.org, song@...nel.org, yonghong.song@...ux.dev
Subject: Re: [PATCH bpf v3] bpf: fix unpopulated name_len field in perf_event
link info
On Thu, Oct 03, 2024 at 08:23:00PM +0000, tyrone-wu wrote:
> Previously when retrieving `bpf_link_info.perf_event` for
> kprobe/uprobe/tracepoint, the `name_len` field was not populated by the
> kernel, leaving it to reflect the value initially set by the user. This
> behavior was inconsistent with how other input/output string buffer
> fields function (e.g. `raw_tracepoint.tp_name_len`).
>
> This patch fills `name_len` with the actual size of the string name. The
> relevant selftests have also been updated to assert that `name_len`
> contains the correct size rather than 0.
>
> Link: https://lore.kernel.org/bpf/CABVU1kXwQXhqQGe0RTrr7eegtM6SVW_KayZBy16-yb0Snztmtg@mail.gmail.com/
> Fixes: 1b715e1b0ec5 ("bpf: Support ->fill_link_info for perf_event")
> Signed-off-by: tyrone-wu <wudevelops@...il.com>
> ---
> V2 -> V3:
> Link: https://lore.kernel.org/bpf/Zv7sISV0yEyGlEM3@krava/
> - Use clearer variable name for user set/inputted name len (name_len -> input_len)
> - Change (name_len -> input_len) type from size_t to u32 since it's only received and used as u32
looks good, I checked with Daniel and it's better to separate
kernel and selftest changes, so it's easier to get this applied
in stable branches
could you split the change in 2 changes and repost? please keep my ack
thanks,
jirka
>
> V1 -> V2:
> Link: https://lore.kernel.org/bpf/Zv0wl-S13WJnIkb_@krava/
> - Use user set *ulen in bpf_copy_to_user before overwriting *ulen
>
> kernel/bpf/syscall.c | 29 +++++++++++++------
> .../selftests/bpf/prog_tests/fill_link_info.c | 6 ++--
> 2 files changed, 23 insertions(+), 12 deletions(-)
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index a8f1808a1ca5..56c556fcf325 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -3565,27 +3565,31 @@ static void bpf_perf_link_dealloc(struct bpf_link *link)
> }
>
> static int bpf_perf_link_fill_common(const struct perf_event *event,
> - char __user *uname, u32 ulen,
> + char __user *uname, u32 *ulen,
> u64 *probe_offset, u64 *probe_addr,
> u32 *fd_type, unsigned long *missed)
> {
> const char *buf;
> - u32 prog_id;
> + u32 prog_id, input_len;
> size_t len;
> int err;
>
> - if (!ulen ^ !uname)
> + if (!(*ulen) ^ !uname)
> return -EINVAL;
>
> err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf,
> probe_offset, probe_addr, missed);
> if (err)
> return err;
> +
> + input_len = *ulen;
> + len = strlen(buf);
> + *ulen = len + 1;
> if (!uname)
> return 0;
> +
> if (buf) {
> - len = strlen(buf);
> - err = bpf_copy_to_user(uname, buf, ulen, len);
> + err = bpf_copy_to_user(uname, buf, input_len, len);
> if (err)
> return err;
> } else {
> @@ -3609,7 +3613,7 @@ static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
>
> uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
> ulen = info->perf_event.kprobe.name_len;
> - err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> + err = bpf_perf_link_fill_common(event, uname, &ulen, &offset, &addr,
> &type, &missed);
> if (err)
> return err;
> @@ -3617,7 +3621,7 @@ static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
> info->perf_event.type = BPF_PERF_EVENT_KRETPROBE;
> else
> info->perf_event.type = BPF_PERF_EVENT_KPROBE;
> -
> + info->perf_event.kprobe.name_len = ulen;
> info->perf_event.kprobe.offset = offset;
> info->perf_event.kprobe.missed = missed;
> if (!kallsyms_show_value(current_cred()))
> @@ -3639,7 +3643,7 @@ static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
>
> uname = u64_to_user_ptr(info->perf_event.uprobe.file_name);
> ulen = info->perf_event.uprobe.name_len;
> - err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> + err = bpf_perf_link_fill_common(event, uname, &ulen, &offset, &addr,
> &type, NULL);
> if (err)
> return err;
> @@ -3648,6 +3652,7 @@ static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
> info->perf_event.type = BPF_PERF_EVENT_URETPROBE;
> else
> info->perf_event.type = BPF_PERF_EVENT_UPROBE;
> + info->perf_event.uprobe.name_len = ulen;
> info->perf_event.uprobe.offset = offset;
> info->perf_event.uprobe.cookie = event->bpf_cookie;
> return 0;
> @@ -3673,12 +3678,18 @@ static int bpf_perf_link_fill_tracepoint(const struct perf_event *event,
> {
> char __user *uname;
> u32 ulen;
> + int err;
>
> uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name);
> ulen = info->perf_event.tracepoint.name_len;
> + err = bpf_perf_link_fill_common(event, uname, &ulen, NULL, NULL, NULL, NULL);
> + if (err)
> + return err;
> +
> info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT;
> + info->perf_event.tracepoint.name_len = ulen;
> info->perf_event.tracepoint.cookie = event->bpf_cookie;
> - return bpf_perf_link_fill_common(event, uname, ulen, NULL, NULL, NULL, NULL);
> + return 0;
> }
>
> static int bpf_perf_link_fill_perf_event(const struct perf_event *event,
> diff --git a/tools/testing/selftests/bpf/prog_tests/fill_link_info.c b/tools/testing/selftests/bpf/prog_tests/fill_link_info.c
> index f3932941bbaa..59077f260404 100644
> --- a/tools/testing/selftests/bpf/prog_tests/fill_link_info.c
> +++ b/tools/testing/selftests/bpf/prog_tests/fill_link_info.c
> @@ -67,8 +67,8 @@ static int verify_perf_link_info(int fd, enum bpf_perf_event_type type, long add
>
> ASSERT_EQ(info.perf_event.kprobe.cookie, PERF_EVENT_COOKIE, "kprobe_cookie");
>
> + ASSERT_EQ(info.perf_event.kprobe.name_len, strlen(KPROBE_FUNC) + 1, "name_len");
> if (!info.perf_event.kprobe.func_name) {
> - ASSERT_EQ(info.perf_event.kprobe.name_len, 0, "name_len");
> info.perf_event.kprobe.func_name = ptr_to_u64(&buf);
> info.perf_event.kprobe.name_len = sizeof(buf);
> goto again;
> @@ -79,8 +79,8 @@ static int verify_perf_link_info(int fd, enum bpf_perf_event_type type, long add
> ASSERT_EQ(err, 0, "cmp_kprobe_func_name");
> break;
> case BPF_PERF_EVENT_TRACEPOINT:
> + ASSERT_EQ(info.perf_event.tracepoint.name_len, strlen(TP_NAME) + 1, "name_len");
> if (!info.perf_event.tracepoint.tp_name) {
> - ASSERT_EQ(info.perf_event.tracepoint.name_len, 0, "name_len");
> info.perf_event.tracepoint.tp_name = ptr_to_u64(&buf);
> info.perf_event.tracepoint.name_len = sizeof(buf);
> goto again;
> @@ -96,8 +96,8 @@ static int verify_perf_link_info(int fd, enum bpf_perf_event_type type, long add
> case BPF_PERF_EVENT_URETPROBE:
> ASSERT_EQ(info.perf_event.uprobe.offset, offset, "uprobe_offset");
>
> + ASSERT_EQ(info.perf_event.uprobe.name_len, strlen(UPROBE_FILE) + 1, "name_len");
> if (!info.perf_event.uprobe.file_name) {
> - ASSERT_EQ(info.perf_event.uprobe.name_len, 0, "name_len");
> info.perf_event.uprobe.file_name = ptr_to_u64(&buf);
> info.perf_event.uprobe.name_len = sizeof(buf);
> goto again;
> --
> 2.43.0
>
Powered by blists - more mailing lists