lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4BzayBd9e5c9fiEPgDKPoRm-E4uB_u__xKcRpXDz18kNnkA@mail.gmail.com>
Date: Thu, 12 Jun 2025 16:27:37 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Tao Chen <chen.dylane@...ux.dev>, KP Singh <kpsingh@...nel.org>, 
	Matt Bobrowski <mattbobrowski@...gle.com>, Alexei Starovoitov <ast@...nel.org>, 
	Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, 
	Martin KaFai Lau <martin.lau@...ux.dev>, Eduard <eddyz87@...il.com>, Song Liu <song@...nel.org>, 
	Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>, 
	Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, 
	Steven Rostedt <rostedt@...dmis.org>, Masami Hiramatsu <mhiramat@...nel.org>, 
	Mathieu Desnoyers <mathieu.desnoyers@...icios.com>, bpf <bpf@...r.kernel.org>, 
	LKML <linux-kernel@...r.kernel.org>, 
	linux-trace-kernel <linux-trace-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf-next] bpf: clear user buf when bpf_d_path failed

On Thu, Jun 12, 2025 at 2:40 PM Alexei Starovoitov
<alexei.starovoitov@...il.com> wrote:
>
> On Thu, Jun 12, 2025 at 2:29 PM Andrii Nakryiko
> <andrii.nakryiko@...il.com> wrote:
> >
> > On Wed, Jun 11, 2025 at 8:49 AM Tao Chen <chen.dylane@...ux.dev> wrote:
> > >
> > > The bpf_d_path() function may fail. If it does,
> > > clear the user buf, like bpf_probe_read etc.
> > >
> >
> > But that doesn't mean we *have to* do memset(0) for bpf_d_path(),
> > though. Especially given that path buffer can be pretty large (4KB).
> >
> > Is there an issue you are trying to address with this, or is it more
> > of a consistency clean up? Note, that more or less recently we made
> > this zero filling behavior an option with an extra flag
> > (BPF_F_PAD_ZEROS) for newer APIs. And if anything, bpf_d_path() is
> > more akin to variable-sized string probing APIs rather than
> > fixed-sized bpf_probe_read* family.
>
> All old helpers had this BPF_F_PAD_ZEROS behavior
> (or rather should have had).
> So it makes sense to zero in this helper too for consistency.
> I don't share performance concerns. This is an error path.

It's just a bizarre behavior as it stands right now.

On error, you'll have a zeroed out buffer, OK, good so far.

On success, though, you'll have a buffer where first N bytes are
filled out with good path information, but then the last sizeof(buf) -
N bytes would be, effectively, garbage.

All in all, you can't use that buffer as a key for hashmap looking
(because of leftover non-zeroed bytes at the end), yet on error we
still zero out bytes for no apparently useful reason.

And then for the bpf_path_d_path(). What do we do about that one? It
doesn't have zeroing out either in the error path, nor in the success
path. So just more inconsistency all around.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ