lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALOAHbAtfbd4KYjMr08o2raUQ6R4YZYSRJHMf3rV6hx7nHRTgQ@mail.gmail.com>
Date: Mon, 7 Oct 2024 10:09:01 +0800
From: Yafang Shao <laoar.shao@...il.com>
To: tyrone-wu <wudevelops@...il.com>
Cc: andrii.nakryiko@...il.com, andrii@...nel.org, ast@...nel.org, 
	bpf@...r.kernel.org, daniel@...earbox.net, eddyz87@...il.com, 
	haoluo@...gle.com, john.fastabend@...il.com, jolsa@...nel.org, 
	kernel-patches-bot@...com, kpsingh@...nel.org, linux-kernel@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, martin.lau@...ux.dev, mykolal@...com, 
	olsajiri@...il.com, sdf@...ichev.me, shuah@...nel.org, song@...nel.org, 
	yonghong.song@...ux.dev
Subject: Re: [PATCH bpf v5 1/2] bpf: fix unpopulated name_len field in
 perf_event link info

On Mon, Oct 7, 2024 at 3:51 AM tyrone-wu <wudevelops@...il.com> wrote:
>
> Previously when retrieving `bpf_link_info.perf_event` for
> kprobe/uprobe/tracepoint, the `name_len` field was not populated by the
> kernel, leaving it to reflect the value initially set by the user. This
> behavior was inconsistent with how other input/output string buffer
> fields function (e.g. `raw_tracepoint.tp_name_len`).
>
> This patch fills `name_len` with the actual size of the string name.
>
> Link: https://lore.kernel.org/bpf/CABVU1kXwQXhqQGe0RTrr7eegtM6SVW_KayZBy16-yb0Snztmtg@mail.gmail.com/
> Fixes: 1b715e1b0ec5 ("bpf: Support ->fill_link_info for perf_event")
> Signed-off-by: tyrone-wu <wudevelops@...il.com>
> Acked-by: Jiri Olsa <jolsa@...nel.org>

LGTM
Acked-by: Yafang Shao <laoar.shao@...il.com>

> ---
> V4 -> V5:
> Link: https://lore.kernel.org/bpf/CALOAHbC5xm7Cbfhau3z5X2PqUhiHECNWAPtJCWiOVqTKmdZp-Q@mail.gmail.com/
> - Check that buf is not NULL before retrieving/using its length
>
> V3 -> V4:
> Link: https://lore.kernel.org/bpf/Zv_PP6Gs5cq3W2Ey@krava/
> - Split patch into separate kernel and selftest change
>
> V2 -> V3:
> Link: https://lore.kernel.org/bpf/Zv7sISV0yEyGlEM3@krava/
> - Use clearer variable name for user set/inputted name len (name_len -> input_len)
> - Change (name_len -> input_len) type from size_t to u32 since it's only received and used as u32
>
> V1 -> V2:
> Link: https://lore.kernel.org/bpf/Zv0wl-S13WJnIkb_@krava/
> - Use user set *ulen in bpf_copy_to_user before overwriting *ulen
>
>  kernel/bpf/syscall.c | 38 ++++++++++++++++++++++++--------------
>  1 file changed, 24 insertions(+), 14 deletions(-)
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index a8f1808a1ca5..3df192a6bdcc 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -3565,32 +3565,35 @@ static void bpf_perf_link_dealloc(struct bpf_link *link)
>  }
>
>  static int bpf_perf_link_fill_common(const struct perf_event *event,
> -                                    char __user *uname, u32 ulen,
> +                                    char __user *uname, u32 *ulen,
>                                      u64 *probe_offset, u64 *probe_addr,
>                                      u32 *fd_type, unsigned long *missed)
>  {
>         const char *buf;
> -       u32 prog_id;
> +       u32 prog_id, input_len;
>         size_t len;
>         int err;
>
> -       if (!ulen ^ !uname)
> +       if (!(*ulen) ^ !uname)
>                 return -EINVAL;
>
>         err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf,
>                                       probe_offset, probe_addr, missed);
>         if (err)
>                 return err;
> -       if (!uname)
> -               return 0;
> +
>         if (buf) {
> +               input_len = *ulen;
>                 len = strlen(buf);
> -               err = bpf_copy_to_user(uname, buf, ulen, len);
> -               if (err)
> -                       return err;
> -       } else {
> -               char zero = '\0';
> +               *ulen = len + 1;
>
> +               if (uname) {
> +                       err = bpf_copy_to_user(uname, buf, input_len, len);
> +                       if (err)
> +                               return err;
> +               }
> +       } else if (uname) {
> +               char zero = '\0';
>                 if (put_user(zero, uname))
>                         return -EFAULT;
>         }
> @@ -3609,7 +3612,7 @@ static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
>
>         uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
>         ulen = info->perf_event.kprobe.name_len;
> -       err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> +       err = bpf_perf_link_fill_common(event, uname, &ulen, &offset, &addr,
>                                         &type, &missed);
>         if (err)
>                 return err;
> @@ -3617,7 +3620,7 @@ static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
>                 info->perf_event.type = BPF_PERF_EVENT_KRETPROBE;
>         else
>                 info->perf_event.type = BPF_PERF_EVENT_KPROBE;
> -
> +       info->perf_event.kprobe.name_len = ulen;
>         info->perf_event.kprobe.offset = offset;
>         info->perf_event.kprobe.missed = missed;
>         if (!kallsyms_show_value(current_cred()))
> @@ -3639,7 +3642,7 @@ static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
>
>         uname = u64_to_user_ptr(info->perf_event.uprobe.file_name);
>         ulen = info->perf_event.uprobe.name_len;
> -       err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> +       err = bpf_perf_link_fill_common(event, uname, &ulen, &offset, &addr,
>                                         &type, NULL);
>         if (err)
>                 return err;
> @@ -3648,6 +3651,7 @@ static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
>                 info->perf_event.type = BPF_PERF_EVENT_URETPROBE;
>         else
>                 info->perf_event.type = BPF_PERF_EVENT_UPROBE;
> +       info->perf_event.uprobe.name_len = ulen;
>         info->perf_event.uprobe.offset = offset;
>         info->perf_event.uprobe.cookie = event->bpf_cookie;
>         return 0;
> @@ -3673,12 +3677,18 @@ static int bpf_perf_link_fill_tracepoint(const struct perf_event *event,
>  {
>         char __user *uname;
>         u32 ulen;
> +       int err;
>
>         uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name);
>         ulen = info->perf_event.tracepoint.name_len;
> +       err = bpf_perf_link_fill_common(event, uname, &ulen, NULL, NULL, NULL, NULL);
> +       if (err)
> +               return err;
> +
>         info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT;
> +       info->perf_event.tracepoint.name_len = ulen;
>         info->perf_event.tracepoint.cookie = event->bpf_cookie;
> -       return bpf_perf_link_fill_common(event, uname, ulen, NULL, NULL, NULL, NULL);
> +       return 0;
>  }
>
>  static int bpf_perf_link_fill_perf_event(const struct perf_event *event,
> --
> 2.43.0
>


-- 
Regards
Yafang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ