diff mbox series

[PATCHv3,bpf-next,3/6] bpf: Add link_info support for uprobe multi link

Message ID 20231120145639.3179656-4-jolsa@kernel.org (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series bpf: Add link_info support for uprobe multi link | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
netdev/series_format success Posting correctly formatted
netdev/codegen success Generated files up to date
netdev/tree_selection success Clearly marked for bpf-next, async
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 2931 this patch: 2931
netdev/cc_maintainers warning 7 maintainers not CCed: kpsingh@kernel.org mhiramat@kernel.org yonghong.song@linux.dev martin.lau@linux.dev linux-trace-kernel@vger.kernel.org rostedt@goodmis.org song@kernel.org
netdev/build_clang success Errors and warnings before: 1298 this patch: 1298
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 3015 this patch: 3015
netdev/checkpatch warning WARNING: line length of 100 exceeds 80 columns WARNING: line length of 101 exceeds 80 columns WARNING: line length of 91 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Validate matrix.py
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-next-VM_Test-3 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-8 success Logs for aarch64-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-4 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-7 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-6 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-5 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-9 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-15 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-14 success Logs for s390x-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-17 success Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-16 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-18 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-19 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-20 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-21 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-22 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-23 success Logs for x86_64-gcc / veristat / veristat on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-24 success Logs for x86_64-llvm-16 / build / build for x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-25 success Logs for x86_64-llvm-16 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-26 success Logs for x86_64-llvm-16 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-27 success Logs for x86_64-llvm-16 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-28 success Logs for x86_64-llvm-16 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-29 success Logs for x86_64-llvm-16 / veristat
bpf/vmtest-bpf-next-VM_Test-13 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-12 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-10 success Logs for s390x-gcc / test (test_maps, false, 360) / test_maps on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-11 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc

Commit Message

Jiri Olsa Nov. 20, 2023, 2:56 p.m. UTC 
Adding support to get uprobe_link details through bpf_link_info
interface.

Adding new struct uprobe_multi to struct bpf_link_info to carry
the uprobe_multi link details.

The uprobe_multi.count is passed from user space to denote size
of array fields (offsets/ref_ctr_offsets/cookies). The actual
array size is stored back to uprobe_multi.count (allowing user
to find out the actual array size) and array fields are populated
up to the user passed size.

All the non-array fields (path/count/flags/pid) are always set.

Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
 include/uapi/linux/bpf.h       | 10 +++++
 kernel/trace/bpf_trace.c       | 72 ++++++++++++++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h | 10 +++++
 3 files changed, 92 insertions(+)

Comments

Yonghong Song Nov. 20, 2023, 6:04 p.m. UTC | #1 
On 11/20/23 9:56 AM, Jiri Olsa wrote:
> Adding support to get uprobe_link details through bpf_link_info
> interface.
>
> Adding new struct uprobe_multi to struct bpf_link_info to carry
> the uprobe_multi link details.
>
> The uprobe_multi.count is passed from user space to denote size
> of array fields (offsets/ref_ctr_offsets/cookies). The actual
> array size is stored back to uprobe_multi.count (allowing user
> to find out the actual array size) and array fields are populated
> up to the user passed size.
>
> All the non-array fields (path/count/flags/pid) are always set.
>
> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> ---
>   include/uapi/linux/bpf.h       | 10 +++++
>   kernel/trace/bpf_trace.c       | 72 ++++++++++++++++++++++++++++++++++
>   tools/include/uapi/linux/bpf.h | 10 +++++
>   3 files changed, 92 insertions(+)
>
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 7a5498242eaa..a63b5eb7f9ec 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -6562,6 +6562,16 @@ struct bpf_link_info {
>   			__u32 flags;
>   			__u64 missed;
>   		} kprobe_multi;
> +		struct {
> +			__aligned_u64 path;
> +			__aligned_u64 offsets;
> +			__aligned_u64 ref_ctr_offsets;
> +			__aligned_u64 cookies;
> +			__u32 path_size; /* in/out: real path size on success */
> +			__u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
> +			__u32 flags;
> +			__u32 pid;
> +		} uprobe_multi;
>   		struct {
>   			__u32 type; /* enum bpf_perf_event_type */
>   			__u32 :32;
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index ad0323f27288..ca453b642819 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -3044,6 +3044,7 @@ struct bpf_uprobe_multi_link {
>   	u32 cnt;
>   	struct bpf_uprobe *uprobes;
>   	struct task_struct *task;
> +	u32 flags;
>   };
>   
>   struct bpf_uprobe_multi_run_ctx {
> @@ -3083,9 +3084,79 @@ static void bpf_uprobe_multi_link_dealloc(struct bpf_link *link)
>   	kfree(umulti_link);
>   }
>   
> +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
> +						struct bpf_link_info *info)
> +{
> +	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
> +	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
> +	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
> +	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
> +	u32 upath_size = info->uprobe_multi.path_size;
> +	struct bpf_uprobe_multi_link *umulti_link;
> +	u32 ucount = info->uprobe_multi.count;
> +	int err = 0, i;
> +	long left;
> +
> +	if (!upath ^ !upath_size)
> +		return -EINVAL;
> +
> +	if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
> +		return -EINVAL;
> +
> +	umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
> +	info->uprobe_multi.count = umulti_link->cnt;
> +	info->uprobe_multi.flags = umulti_link->flags;
> +	info->uprobe_multi.pid = umulti_link->task ?
> +				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
> +
> +	if (upath) {
> +		char *p, *buf;
> +
> +		upath_size = min_t(u32, upath_size, PATH_MAX);
> +
> +		buf = kmalloc(upath_size, GFP_KERNEL);
> +		if (!buf)
> +			return -ENOMEM;
> +		p = d_path(&umulti_link->path, buf, upath_size);
> +		if (IS_ERR(p)) {
> +			kfree(buf);
> +			return -ENOSPC;

Should we just return PTR_ERR(p)? In d_path, it is possible that
-ENAMETOOLONG is returned. But path->dentry->d_op->d_dname() might
return a different error reason than  -ENAMETOOLONG or -ENOSPC?

> +		}
> +		upath_size = buf + upath_size - p;
> +		left = copy_to_user(upath, p, upath_size);

Here, the data copied to user may contain more than
actual path itself. I am okay with this since this
is not in critical path. But early buf allocation is using
kmalloc whose content could be arbitrary. Should we
use kzalloc for the above 'buf' allocation?


> +		kfree(buf);
> +		if (left)
> +			return -EFAULT;
> +		info->uprobe_multi.path_size = upath_size - 1 /* NULL */;
> +	}
> +
> +	if (!uoffsets && !ucookies && !uref_ctr_offsets)
> +		return 0;
> +
> +	if (ucount < umulti_link->cnt)
> +		err = -ENOSPC;
> +	else
> +		ucount = umulti_link->cnt;
> +
> +	for (i = 0; i < ucount; i++) {
> +		if (uoffsets &&
> +		    put_user(umulti_link->uprobes[i].offset, uoffsets + i))
> +			return -EFAULT;
> +		if (uref_ctr_offsets &&
> +		    put_user(umulti_link->uprobes[i].ref_ctr_offset, uref_ctr_offsets + i))
> +			return -EFAULT;
> +		if (ucookies &&
> +		    put_user(umulti_link->uprobes[i].cookie, ucookies + i))
> +			return -EFAULT;
> +	}
> +
> +	return err;
> +}
> +
>   [...]
Andrii Nakryiko Nov. 21, 2023, 6:41 p.m. UTC | #2 
On Mon, Nov 20, 2023 at 6:57 AM Jiri Olsa <jolsa@kernel.org> wrote:
>
> Adding support to get uprobe_link details through bpf_link_info
> interface.
>
> Adding new struct uprobe_multi to struct bpf_link_info to carry
> the uprobe_multi link details.
>
> The uprobe_multi.count is passed from user space to denote size
> of array fields (offsets/ref_ctr_offsets/cookies). The actual
> array size is stored back to uprobe_multi.count (allowing user
> to find out the actual array size) and array fields are populated
> up to the user passed size.
>
> All the non-array fields (path/count/flags/pid) are always set.
>
> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> ---
>  include/uapi/linux/bpf.h       | 10 +++++
>  kernel/trace/bpf_trace.c       | 72 ++++++++++++++++++++++++++++++++++
>  tools/include/uapi/linux/bpf.h | 10 +++++
>  3 files changed, 92 insertions(+)
>
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 7a5498242eaa..a63b5eb7f9ec 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -6562,6 +6562,16 @@ struct bpf_link_info {
>                         __u32 flags;
>                         __u64 missed;
>                 } kprobe_multi;
> +               struct {
> +                       __aligned_u64 path;
> +                       __aligned_u64 offsets;
> +                       __aligned_u64 ref_ctr_offsets;
> +                       __aligned_u64 cookies;
> +                       __u32 path_size; /* in/out: real path size on success */
> +                       __u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
> +                       __u32 flags;
> +                       __u32 pid;
> +               } uprobe_multi;
>                 struct {
>                         __u32 type; /* enum bpf_perf_event_type */
>                         __u32 :32;
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index ad0323f27288..ca453b642819 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -3044,6 +3044,7 @@ struct bpf_uprobe_multi_link {
>         u32 cnt;
>         struct bpf_uprobe *uprobes;
>         struct task_struct *task;
> +       u32 flags;

this fits better after cnt to avoid increasing the size of
bpf_uprobe_multi_link, please it move up

>  };
>
>  struct bpf_uprobe_multi_run_ctx {
> @@ -3083,9 +3084,79 @@ static void bpf_uprobe_multi_link_dealloc(struct bpf_link *link)
>         kfree(umulti_link);
>  }
>
> +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
> +                                               struct bpf_link_info *info)
> +{
> +       u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
> +       u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
> +       u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
> +       u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
> +       u32 upath_size = info->uprobe_multi.path_size;
> +       struct bpf_uprobe_multi_link *umulti_link;
> +       u32 ucount = info->uprobe_multi.count;
> +       int err = 0, i;
> +       long left;
> +
> +       if (!upath ^ !upath_size)
> +               return -EINVAL;
> +
> +       if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
> +               return -EINVAL;
> +
> +       umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
> +       info->uprobe_multi.count = umulti_link->cnt;
> +       info->uprobe_multi.flags = umulti_link->flags;
> +       info->uprobe_multi.pid = umulti_link->task ?
> +                                task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
> +
> +       if (upath) {
> +               char *p, *buf;
> +
> +               upath_size = min_t(u32, upath_size, PATH_MAX);
> +
> +               buf = kmalloc(upath_size, GFP_KERNEL);
> +               if (!buf)
> +                       return -ENOMEM;
> +               p = d_path(&umulti_link->path, buf, upath_size);
> +               if (IS_ERR(p)) {
> +                       kfree(buf);
> +                       return -ENOSPC;
> +               }
> +               upath_size = buf + upath_size - p;
> +               left = copy_to_user(upath, p, upath_size);
> +               kfree(buf);
> +               if (left)
> +                       return -EFAULT;
> +               info->uprobe_multi.path_size = upath_size - 1 /* NULL */;

why subtract zero terminating byte? I think we should drop this -1 and
return filled out buffer content size, including zero terminator.


> +       }
> +
> +       if (!uoffsets && !ucookies && !uref_ctr_offsets)
> +               return 0;
> +
> +       if (ucount < umulti_link->cnt)
> +               err = -ENOSPC;
> +       else
> +               ucount = umulti_link->cnt;
> +
> +       for (i = 0; i < ucount; i++) {
> +               if (uoffsets &&
> +                   put_user(umulti_link->uprobes[i].offset, uoffsets + i))
> +                       return -EFAULT;
> +               if (uref_ctr_offsets &&
> +                   put_user(umulti_link->uprobes[i].ref_ctr_offset, uref_ctr_offsets + i))
> +                       return -EFAULT;
> +               if (ucookies &&
> +                   put_user(umulti_link->uprobes[i].cookie, ucookies + i))
> +                       return -EFAULT;
> +       }
> +
> +       return err;
> +}
> +
>  static const struct bpf_link_ops bpf_uprobe_multi_link_lops = {
>         .release = bpf_uprobe_multi_link_release,
>         .dealloc = bpf_uprobe_multi_link_dealloc,
> +       .fill_link_info = bpf_uprobe_multi_link_fill_link_info,
>  };
>
>  static int uprobe_prog_run(struct bpf_uprobe *uprobe,
> @@ -3274,6 +3345,7 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
>         link->uprobes = uprobes;
>         link->path = path;
>         link->task = task;
> +       link->flags = flags;
>
>         bpf_link_init(&link->link, BPF_LINK_TYPE_UPROBE_MULTI,
>                       &bpf_uprobe_multi_link_lops, prog);
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index 7a5498242eaa..a63b5eb7f9ec 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -6562,6 +6562,16 @@ struct bpf_link_info {
>                         __u32 flags;
>                         __u64 missed;
>                 } kprobe_multi;
> +               struct {
> +                       __aligned_u64 path;
> +                       __aligned_u64 offsets;
> +                       __aligned_u64 ref_ctr_offsets;
> +                       __aligned_u64 cookies;
> +                       __u32 path_size; /* in/out: real path size on success */
> +                       __u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
> +                       __u32 flags;
> +                       __u32 pid;
> +               } uprobe_multi;
>                 struct {
>                         __u32 type; /* enum bpf_perf_event_type */
>                         __u32 :32;
> --
> 2.42.0
>
Jiri Olsa Nov. 22, 2023, 1:48 p.m. UTC | #3 
On Tue, Nov 21, 2023 at 10:41:24AM -0800, Andrii Nakryiko wrote:
> On Mon, Nov 20, 2023 at 6:57 AM Jiri Olsa <jolsa@kernel.org> wrote:
> >
> > Adding support to get uprobe_link details through bpf_link_info
> > interface.
> >
> > Adding new struct uprobe_multi to struct bpf_link_info to carry
> > the uprobe_multi link details.
> >
> > The uprobe_multi.count is passed from user space to denote size
> > of array fields (offsets/ref_ctr_offsets/cookies). The actual
> > array size is stored back to uprobe_multi.count (allowing user
> > to find out the actual array size) and array fields are populated
> > up to the user passed size.
> >
> > All the non-array fields (path/count/flags/pid) are always set.
> >
> > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > ---
> >  include/uapi/linux/bpf.h       | 10 +++++
> >  kernel/trace/bpf_trace.c       | 72 ++++++++++++++++++++++++++++++++++
> >  tools/include/uapi/linux/bpf.h | 10 +++++
> >  3 files changed, 92 insertions(+)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index 7a5498242eaa..a63b5eb7f9ec 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -6562,6 +6562,16 @@ struct bpf_link_info {
> >                         __u32 flags;
> >                         __u64 missed;
> >                 } kprobe_multi;
> > +               struct {
> > +                       __aligned_u64 path;
> > +                       __aligned_u64 offsets;
> > +                       __aligned_u64 ref_ctr_offsets;
> > +                       __aligned_u64 cookies;
> > +                       __u32 path_size; /* in/out: real path size on success */
> > +                       __u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
> > +                       __u32 flags;
> > +                       __u32 pid;
> > +               } uprobe_multi;
> >                 struct {
> >                         __u32 type; /* enum bpf_perf_event_type */
> >                         __u32 :32;
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index ad0323f27288..ca453b642819 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
> > @@ -3044,6 +3044,7 @@ struct bpf_uprobe_multi_link {
> >         u32 cnt;
> >         struct bpf_uprobe *uprobes;
> >         struct task_struct *task;
> > +       u32 flags;
> 
> this fits better after cnt to avoid increasing the size of
> bpf_uprobe_multi_link, please it move up

ok

> 
> >  };
> >
> >  struct bpf_uprobe_multi_run_ctx {
> > @@ -3083,9 +3084,79 @@ static void bpf_uprobe_multi_link_dealloc(struct bpf_link *link)
> >         kfree(umulti_link);
> >  }
> >
> > +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
> > +                                               struct bpf_link_info *info)
> > +{
> > +       u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
> > +       u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
> > +       u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
> > +       u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
> > +       u32 upath_size = info->uprobe_multi.path_size;
> > +       struct bpf_uprobe_multi_link *umulti_link;
> > +       u32 ucount = info->uprobe_multi.count;
> > +       int err = 0, i;
> > +       long left;
> > +
> > +       if (!upath ^ !upath_size)
> > +               return -EINVAL;
> > +
> > +       if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
> > +               return -EINVAL;
> > +
> > +       umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
> > +       info->uprobe_multi.count = umulti_link->cnt;
> > +       info->uprobe_multi.flags = umulti_link->flags;
> > +       info->uprobe_multi.pid = umulti_link->task ?
> > +                                task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
> > +
> > +       if (upath) {
> > +               char *p, *buf;
> > +
> > +               upath_size = min_t(u32, upath_size, PATH_MAX);
> > +
> > +               buf = kmalloc(upath_size, GFP_KERNEL);
> > +               if (!buf)
> > +                       return -ENOMEM;
> > +               p = d_path(&umulti_link->path, buf, upath_size);
> > +               if (IS_ERR(p)) {
> > +                       kfree(buf);
> > +                       return -ENOSPC;
> > +               }
> > +               upath_size = buf + upath_size - p;
> > +               left = copy_to_user(upath, p, upath_size);
> > +               kfree(buf);
> > +               if (left)
> > +                       return -EFAULT;
> > +               info->uprobe_multi.path_size = upath_size - 1 /* NULL */;
> 
> why subtract zero terminating byte? I think we should drop this -1 and
> return filled out buffer content size, including zero terminator.

I wanted to return the same as strlen would:

       The strlen() function calculates the length of the string pointed to by s, excluding the terminating null byte ('\0').

either way works for me, but perhaps we should document it in the uapi header

jirka
Jiri Olsa Nov. 22, 2023, 9:50 p.m. UTC | #4 
On Mon, Nov 20, 2023 at 10:04:16AM -0800, Yonghong Song wrote:

SNIP

> > +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
> > +						struct bpf_link_info *info)
> > +{
> > +	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
> > +	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
> > +	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
> > +	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
> > +	u32 upath_size = info->uprobe_multi.path_size;
> > +	struct bpf_uprobe_multi_link *umulti_link;
> > +	u32 ucount = info->uprobe_multi.count;
> > +	int err = 0, i;
> > +	long left;
> > +
> > +	if (!upath ^ !upath_size)
> > +		return -EINVAL;
> > +
> > +	if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
> > +		return -EINVAL;
> > +
> > +	umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
> > +	info->uprobe_multi.count = umulti_link->cnt;
> > +	info->uprobe_multi.flags = umulti_link->flags;
> > +	info->uprobe_multi.pid = umulti_link->task ?
> > +				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
> > +
> > +	if (upath) {
> > +		char *p, *buf;
> > +
> > +		upath_size = min_t(u32, upath_size, PATH_MAX);
> > +
> > +		buf = kmalloc(upath_size, GFP_KERNEL);
> > +		if (!buf)
> > +			return -ENOMEM;
> > +		p = d_path(&umulti_link->path, buf, upath_size);
> > +		if (IS_ERR(p)) {
> > +			kfree(buf);
> > +			return -ENOSPC;
> 
> Should we just return PTR_ERR(p)? In d_path, it is possible that
> -ENAMETOOLONG is returned. But path->dentry->d_op->d_dname() might
> return a different error reason than  -ENAMETOOLONG or -ENOSPC?

true, will change

> 
> > +		}
> > +		upath_size = buf + upath_size - p;
> > +		left = copy_to_user(upath, p, upath_size);
> 
> Here, the data copied to user may contain more than
> actual path itself. I am okay with this since this
> is not in critical path. But early buf allocation is using
> kmalloc whose content could be arbitrary. Should we
> use kzalloc for the above 'buf' allocation?

good catch, will use kzalloc

thanks,
jirka
Jiri Olsa Nov. 23, 2023, 9:20 a.m. UTC | #5 
On Wed, Nov 22, 2023 at 10:50:06PM +0100, Jiri Olsa wrote:
> On Mon, Nov 20, 2023 at 10:04:16AM -0800, Yonghong Song wrote:
> 
> SNIP
> 
> > > +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
> > > +						struct bpf_link_info *info)
> > > +{
> > > +	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
> > > +	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
> > > +	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
> > > +	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
> > > +	u32 upath_size = info->uprobe_multi.path_size;
> > > +	struct bpf_uprobe_multi_link *umulti_link;
> > > +	u32 ucount = info->uprobe_multi.count;
> > > +	int err = 0, i;
> > > +	long left;
> > > +
> > > +	if (!upath ^ !upath_size)
> > > +		return -EINVAL;
> > > +
> > > +	if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
> > > +		return -EINVAL;
> > > +
> > > +	umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
> > > +	info->uprobe_multi.count = umulti_link->cnt;
> > > +	info->uprobe_multi.flags = umulti_link->flags;
> > > +	info->uprobe_multi.pid = umulti_link->task ?
> > > +				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
> > > +
> > > +	if (upath) {
> > > +		char *p, *buf;
> > > +
> > > +		upath_size = min_t(u32, upath_size, PATH_MAX);
> > > +
> > > +		buf = kmalloc(upath_size, GFP_KERNEL);
> > > +		if (!buf)
> > > +			return -ENOMEM;
> > > +		p = d_path(&umulti_link->path, buf, upath_size);
> > > +		if (IS_ERR(p)) {
> > > +			kfree(buf);
> > > +			return -ENOSPC;
> > 
> > Should we just return PTR_ERR(p)? In d_path, it is possible that
> > -ENAMETOOLONG is returned. But path->dentry->d_op->d_dname() might
> > return a different error reason than  -ENAMETOOLONG or -ENOSPC?
> 
> true, will change
> 
> > 
> > > +		}
> > > +		upath_size = buf + upath_size - p;
> > > +		left = copy_to_user(upath, p, upath_size);
> > 
> > Here, the data copied to user may contain more than
> > actual path itself. I am okay with this since this
> > is not in critical path. But early buf allocation is using
> > kmalloc whose content could be arbitrary. Should we
> > use kzalloc for the above 'buf' allocation?
> 
> good catch, will use kzalloc

hum, actually.. after checking d_path IIUC it copies into the end of buffer,
so I can't see this code copying more data to user buffer

jirka
Yonghong Song Nov. 23, 2023, 6:26 p.m. UTC | #6 
On 11/23/23 4:20 AM, Jiri Olsa wrote:
> On Wed, Nov 22, 2023 at 10:50:06PM +0100, Jiri Olsa wrote:
>> On Mon, Nov 20, 2023 at 10:04:16AM -0800, Yonghong Song wrote:
>>
>> SNIP
>>
>>>> +static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
>>>> +						struct bpf_link_info *info)
>>>> +{
>>>> +	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
>>>> +	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
>>>> +	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
>>>> +	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
>>>> +	u32 upath_size = info->uprobe_multi.path_size;
>>>> +	struct bpf_uprobe_multi_link *umulti_link;
>>>> +	u32 ucount = info->uprobe_multi.count;
>>>> +	int err = 0, i;
>>>> +	long left;
>>>> +
>>>> +	if (!upath ^ !upath_size)
>>>> +		return -EINVAL;
>>>> +
>>>> +	if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
>>>> +		return -EINVAL;
>>>> +
>>>> +	umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
>>>> +	info->uprobe_multi.count = umulti_link->cnt;
>>>> +	info->uprobe_multi.flags = umulti_link->flags;
>>>> +	info->uprobe_multi.pid = umulti_link->task ?
>>>> +				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
>>>> +
>>>> +	if (upath) {
>>>> +		char *p, *buf;
>>>> +
>>>> +		upath_size = min_t(u32, upath_size, PATH_MAX);
>>>> +
>>>> +		buf = kmalloc(upath_size, GFP_KERNEL);
>>>> +		if (!buf)
>>>> +			return -ENOMEM;
>>>> +		p = d_path(&umulti_link->path, buf, upath_size);
>>>> +		if (IS_ERR(p)) {
>>>> +			kfree(buf);
>>>> +			return -ENOSPC;
>>> Should we just return PTR_ERR(p)? In d_path, it is possible that
>>> -ENAMETOOLONG is returned. But path->dentry->d_op->d_dname() might
>>> return a different error reason than  -ENAMETOOLONG or -ENOSPC?
>> true, will change
>>
>>>> +		}
>>>> +		upath_size = buf + upath_size - p;
>>>> +		left = copy_to_user(upath, p, upath_size);
>>> Here, the data copied to user may contain more than
>>> actual path itself. I am okay with this since this
>>> is not in critical path. But early buf allocation is using
>>> kmalloc whose content could be arbitrary. Should we
>>> use kzalloc for the above 'buf' allocation?
>> good catch, will use kzalloc
> hum, actually.. after checking d_path IIUC it copies into the end of buffer,
> so I can't see this code copying more data to user buffer

Double checked as well. Indeed, the path is copied to the end of buffer,
so kmalloc() should be okay. Sorry for noise.
diff mbox series

Patch

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 7a5498242eaa..a63b5eb7f9ec 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -6562,6 +6562,16 @@  struct bpf_link_info {
 			__u32 flags;
 			__u64 missed;
 		} kprobe_multi;
+		struct {
+			__aligned_u64 path;
+			__aligned_u64 offsets;
+			__aligned_u64 ref_ctr_offsets;
+			__aligned_u64 cookies;
+			__u32 path_size; /* in/out: real path size on success */
+			__u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
+			__u32 flags;
+			__u32 pid;
+		} uprobe_multi;
 		struct {
 			__u32 type; /* enum bpf_perf_event_type */
 			__u32 :32;
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index ad0323f27288..ca453b642819 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3044,6 +3044,7 @@  struct bpf_uprobe_multi_link {
 	u32 cnt;
 	struct bpf_uprobe *uprobes;
 	struct task_struct *task;
+	u32 flags;
 };
 
 struct bpf_uprobe_multi_run_ctx {
@@ -3083,9 +3084,79 @@  static void bpf_uprobe_multi_link_dealloc(struct bpf_link *link)
 	kfree(umulti_link);
 }
 
+static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
+						struct bpf_link_info *info)
+{
+	u64 __user *uref_ctr_offsets = u64_to_user_ptr(info->uprobe_multi.ref_ctr_offsets);
+	u64 __user *ucookies = u64_to_user_ptr(info->uprobe_multi.cookies);
+	u64 __user *uoffsets = u64_to_user_ptr(info->uprobe_multi.offsets);
+	u64 __user *upath = u64_to_user_ptr(info->uprobe_multi.path);
+	u32 upath_size = info->uprobe_multi.path_size;
+	struct bpf_uprobe_multi_link *umulti_link;
+	u32 ucount = info->uprobe_multi.count;
+	int err = 0, i;
+	long left;
+
+	if (!upath ^ !upath_size)
+		return -EINVAL;
+
+	if ((uoffsets || uref_ctr_offsets || ucookies) && !ucount)
+		return -EINVAL;
+
+	umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
+	info->uprobe_multi.count = umulti_link->cnt;
+	info->uprobe_multi.flags = umulti_link->flags;
+	info->uprobe_multi.pid = umulti_link->task ?
+				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
+
+	if (upath) {
+		char *p, *buf;
+
+		upath_size = min_t(u32, upath_size, PATH_MAX);
+
+		buf = kmalloc(upath_size, GFP_KERNEL);
+		if (!buf)
+			return -ENOMEM;
+		p = d_path(&umulti_link->path, buf, upath_size);
+		if (IS_ERR(p)) {
+			kfree(buf);
+			return -ENOSPC;
+		}
+		upath_size = buf + upath_size - p;
+		left = copy_to_user(upath, p, upath_size);
+		kfree(buf);
+		if (left)
+			return -EFAULT;
+		info->uprobe_multi.path_size = upath_size - 1 /* NULL */;
+	}
+
+	if (!uoffsets && !ucookies && !uref_ctr_offsets)
+		return 0;
+
+	if (ucount < umulti_link->cnt)
+		err = -ENOSPC;
+	else
+		ucount = umulti_link->cnt;
+
+	for (i = 0; i < ucount; i++) {
+		if (uoffsets &&
+		    put_user(umulti_link->uprobes[i].offset, uoffsets + i))
+			return -EFAULT;
+		if (uref_ctr_offsets &&
+		    put_user(umulti_link->uprobes[i].ref_ctr_offset, uref_ctr_offsets + i))
+			return -EFAULT;
+		if (ucookies &&
+		    put_user(umulti_link->uprobes[i].cookie, ucookies + i))
+			return -EFAULT;
+	}
+
+	return err;
+}
+
 static const struct bpf_link_ops bpf_uprobe_multi_link_lops = {
 	.release = bpf_uprobe_multi_link_release,
 	.dealloc = bpf_uprobe_multi_link_dealloc,
+	.fill_link_info = bpf_uprobe_multi_link_fill_link_info,
 };
 
 static int uprobe_prog_run(struct bpf_uprobe *uprobe,
@@ -3274,6 +3345,7 @@  int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
 	link->uprobes = uprobes;
 	link->path = path;
 	link->task = task;
+	link->flags = flags;
 
 	bpf_link_init(&link->link, BPF_LINK_TYPE_UPROBE_MULTI,
 		      &bpf_uprobe_multi_link_lops, prog);
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 7a5498242eaa..a63b5eb7f9ec 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -6562,6 +6562,16 @@  struct bpf_link_info {
 			__u32 flags;
 			__u64 missed;
 		} kprobe_multi;
+		struct {
+			__aligned_u64 path;
+			__aligned_u64 offsets;
+			__aligned_u64 ref_ctr_offsets;
+			__aligned_u64 cookies;
+			__u32 path_size; /* in/out: real path size on success */
+			__u32 count; /* in/out: uprobe_multi offsets/ref_ctr_offsets/cookies count */
+			__u32 flags;
+			__u32 pid;
+		} uprobe_multi;
 		struct {
 			__u32 type; /* enum bpf_perf_event_type */
 			__u32 :32;