From patchwork Mon May 16 18:27:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eugene Syromiatnikov X-Patchwork-Id: 12851344 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02A40C433EF for ; Mon, 16 May 2022 18:27:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344771AbiEPS1h (ORCPT ); Mon, 16 May 2022 14:27:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45104 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344775AbiEPS1c (ORCPT ); Mon, 16 May 2022 14:27:32 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BE4AD3DDC1 for ; Mon, 16 May 2022 11:27:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652725649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=q+4QwzbSZp2bNTgsjIzHj4mmv53hcboZAM1lkwTA8ZE=; b=AcKnM6yXtzCEVga9BIJTATwv9bShS2nyPBxMgu0BMpO4o2kHaTJu8kcrl8Esdx75luEA7j NQJ5RVSend2a38FldLNiHsK6jeAbcfZR3Dv7H3DB4MwDmZvQELH5BqILn+SpHwTPT46uDQ SPfSwkShzPtFz/VzGrlRTNl6rq+XhYs= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-570-pC3RWEnNNa2uYIEl3ffSbA-1; Mon, 16 May 2022 14:27:26 -0400 X-MC-Unique: pC3RWEnNNa2uYIEl3ffSbA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E97918C5ABD; Mon, 16 May 2022 18:27:15 +0000 (UTC) Received: from asgard.redhat.com (unknown [10.36.110.3]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6C163C27EBB; Mon, 16 May 2022 18:27:11 +0000 (UTC) Date: Mon, 16 May 2022 20:27:08 +0200 From: Eugene Syromiatnikov To: Jiri Olsa , Masami Hiramatsu , Steven Rostedt , Ingo Molnar , Alexei Starovoitov , Daniel Borkmann Cc: Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Shuah Khan , linux-kselftest@vger.kernel.org Subject: [PATCH bpf 1/4] bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach Message-ID: <20220516182708.GA29437@asgard.redhat.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Check that size would not overflow before calculation (and return -EOVERFLOW if it will), to prevent potential out-of-bounds write with the following copy_from_user. Add the same check to kprobe_multi_resolve_syms in case it will be called from elsewhere in the future. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov --- kernel/trace/bpf_trace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index d8553f4..e90c4ce7 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2358,6 +2358,8 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned int i; char *func; + if (check_mul_overflow(cnt, sizeof(*syms), &size)) + return -EOVERFLOW; size = cnt * sizeof(*syms); syms = kvzalloc(size, GFP_KERNEL); if (!syms) @@ -2429,6 +2431,8 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + return -EOVERFLOW; size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) From patchwork Mon May 16 18:27:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eugene Syromiatnikov X-Patchwork-Id: 12851345 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 469E6C433EF for ; Mon, 16 May 2022 18:27:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344813AbiEPS1s (ORCPT ); Mon, 16 May 2022 14:27:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46288 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344806AbiEPS1p (ORCPT ); Mon, 16 May 2022 14:27:45 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9FCE23DDE1 for ; Mon, 16 May 2022 11:27:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652725660; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=i9tbH4DATFTVHTVKDZDsmCN1LCos1kVSdRdRXbhuGME=; b=UnSTsSqoZk4dUnMa7f21IawQV1ijFWWRVdARs5lD6MUu3oo6P8bhlMCYJGCeedfusmaLhd Iix2/+x/dT3/o6J5vgtRpN+PCqSJm89frVPOkQEWKqUxaiv0+zPflsBYuM197EWv65xmmU vZ1RUDwwZGF9AOryE7IBqSNL+TL7qCA= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-623-gLZIfmtbMiOoh8UQfzAPbw-1; Mon, 16 May 2022 14:27:35 -0400 X-MC-Unique: gLZIfmtbMiOoh8UQfzAPbw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9BB953C6053D; Mon, 16 May 2022 18:27:34 +0000 (UTC) Received: from asgard.redhat.com (unknown [10.36.110.3]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1DD3F153B8B8; Mon, 16 May 2022 18:27:29 +0000 (UTC) Date: Mon, 16 May 2022 20:27:27 +0200 From: Eugene Syromiatnikov To: Jiri Olsa , Masami Hiramatsu , Steven Rostedt , Ingo Molnar , Alexei Starovoitov , Daniel Borkmann Cc: Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Shuah Khan , linux-kselftest@vger.kernel.org Subject: [PATCH bpf 2/4] bpf_trace: support 32-bit kernels in bpf_kprobe_multi_link_attach Message-ID: <20220516182727.GA29647@asgard.redhat.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org It seems that there is no reason not to support 32-bit architectures; doing so requires a bit of rework with respect to cookies handling, however, as the current code implicitly assumes that sizeof(long) == sizeof(u64). Signed-off-by: Eugene Syromiatnikov --- kernel/trace/bpf_trace.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index e90c4ce7..d228440 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2405,16 +2405,12 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr struct bpf_link_primer link_primer; void __user *ucookies; unsigned long *addrs; - u32 flags, cnt, size; + u32 flags, cnt, size, cookies_size; void __user *uaddrs; u64 *cookies = NULL; void __user *usyms; int err; - /* no support for 32bit archs yet */ - if (sizeof(u64) != sizeof(void *)) - return -EOPNOTSUPP; - if (prog->expected_attach_type != BPF_TRACE_KPROBE_MULTI) return -EINVAL; @@ -2424,6 +2420,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr uaddrs = u64_to_user_ptr(attr->link_create.kprobe_multi.addrs); usyms = u64_to_user_ptr(attr->link_create.kprobe_multi.syms); + ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies); if (!!uaddrs == !!usyms) return -EINVAL; @@ -2431,8 +2428,11 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; - if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size) || + (ucookies && + check_mul_overflow(cnt, (u32)sizeof(*cookies), &cookies_size))) { return -EOVERFLOW; + } size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) @@ -2449,14 +2449,14 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr goto error; } - ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies); if (ucookies) { - cookies = kvmalloc(size, GFP_KERNEL); + cookies_size = cnt * sizeof(*cookies); + cookies = kvmalloc(cookies_size, GFP_KERNEL); if (!cookies) { err = -ENOMEM; goto error; } - if (copy_from_user(cookies, ucookies, size)) { + if (copy_from_user(cookies, ucookies, cookies_size)) { err = -EFAULT; goto error; } From patchwork Mon May 16 18:27:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eugene Syromiatnikov X-Patchwork-Id: 12851346 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A1FD7C433EF for ; Mon, 16 May 2022 18:28:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344829AbiEPS2D (ORCPT ); Mon, 16 May 2022 14:28:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46506 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344830AbiEPS17 (ORCPT ); Mon, 16 May 2022 14:27:59 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 295F23E0DB for ; Mon, 16 May 2022 11:27:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652725669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=CY4ff1BnqapePMK07WNltTRPHXz8albFraThTnxLBT4=; b=Ko3Hugd/R0xfj1/XmJUrPhuYhDyHs0d2SQ+xMAE/FY6MXUNUsThNbroRMWcrRpvYAeA40e tdGWG+f2ucdBd6509iA2BYB/C52mw/CamhqLro0fWxsqXlnMEVLmAeXixHg4gDL/9GgT8V W0sjz3szuCLRleGCyndZQ0IM8zoODvI= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-170-30w22ZIzOYuu65uh1XF7Sw-1; Mon, 16 May 2022 14:27:47 -0400 X-MC-Unique: 30w22ZIzOYuu65uh1XF7Sw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7EFAE100BAA0; Mon, 16 May 2022 18:27:46 +0000 (UTC) Received: from asgard.redhat.com (unknown [10.36.110.3]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BA1BD1121314; Mon, 16 May 2022 18:27:42 +0000 (UTC) Date: Mon, 16 May 2022 20:27:40 +0200 From: Eugene Syromiatnikov To: Jiri Olsa , Masami Hiramatsu , Steven Rostedt , Ingo Molnar , Alexei Starovoitov , Daniel Borkmann Cc: Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Shuah Khan , linux-kselftest@vger.kernel.org Subject: [PATCH bpf 3/4] bpf_trace: handle compat in kprobe_multi_resolve_syms Message-ID: <20220516182740.GA29979@asgard.redhat.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org For compat processes, userspace pointer size is different. Since the copied array is iterated anyway, the simplest fix seems to be copy the user-supplied array as-is and the iterate as an array of native or compat pointers, depending on the in_compat_syscall() value. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov --- kernel/trace/bpf_trace.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index d228440..5b0cf54 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2352,16 +2352,21 @@ static int kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned long *addrs) { - unsigned long addr, size; + unsigned long addr; + size_t sym_size; + u32 size, elem_size; const char __user **syms; + compat_uptr_t __user *compat_syms; int err = -ENOMEM; unsigned int i; char *func; - if (check_mul_overflow(cnt, sizeof(*syms), &size)) + elem_size = in_compat_syscall() ? sizeof(*compat_syms) : sizeof(*syms); + if (check_mul_overflow(cnt, elem_size, &size)) return -EOVERFLOW; - size = cnt * sizeof(*syms); + size = cnt * elem_size; syms = kvzalloc(size, GFP_KERNEL); + compat_syms = (void *)syms; if (!syms) return -ENOMEM; @@ -2375,7 +2380,10 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, } for (i = 0; i < cnt; i++) { - err = strncpy_from_user(func, syms[i], KSYM_NAME_LEN); + const char __user *ufunc = in_compat_syscall() + ? (char __user *)(uintptr_t)compat_syms[i] + : syms[i]; + err = strncpy_from_user(func, ufunc, KSYM_NAME_LEN); if (err == KSYM_NAME_LEN) err = -E2BIG; if (err < 0) @@ -2384,9 +2392,9 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, addr = kallsyms_lookup_name(func); if (!addr) goto error; - if (!kallsyms_lookup_size_offset(addr, &size, NULL)) + if (!kallsyms_lookup_size_offset(addr, &sym_size, NULL)) goto error; - addr = ftrace_location_range(addr, addr + size - 1); + addr = ftrace_location_range(addr, addr + sym_size - 1); if (!addr) goto error; addrs[i] = addr; From patchwork Mon May 16 18:27:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eugene Syromiatnikov X-Patchwork-Id: 12851347 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55717C433F5 for ; Mon, 16 May 2022 18:28:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234200AbiEPS2P (ORCPT ); Mon, 16 May 2022 14:28:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344789AbiEPS2J (ORCPT ); Mon, 16 May 2022 14:28:09 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 35C3F3DDD3 for ; Mon, 16 May 2022 11:28:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652725687; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type; bh=KGdQi8TuzBmFRXod035kvuaDB/iI4QyLpnvfOS0c72g=; b=MgrjE54s/1rU2Q0Cidf4rRetRFdk9S2gcieYk1j4qfr8aNPojOyfUBnGhLWxXZNnbBBDRY 77WduZHcDqcJYxINo7bt62EouaNpjnZzqqX0P2rzZnsIkbZHi5fW3raQvabvjZ8+2JYjnl F23DTde+68lkDTj/UIaeJ0Mb3pgYa6Y= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-97-G2KT6AgpPKGayOWKZwieZg-1; Mon, 16 May 2022 14:28:01 -0400 X-MC-Unique: G2KT6AgpPKGayOWKZwieZg-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B1D83395AFE4; Mon, 16 May 2022 18:28:00 +0000 (UTC) Received: from asgard.redhat.com (unknown [10.36.110.3]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 022005521E2; Mon, 16 May 2022 18:27:56 +0000 (UTC) Date: Mon, 16 May 2022 20:27:54 +0200 From: Eugene Syromiatnikov To: Jiri Olsa , Masami Hiramatsu , Steven Rostedt , Ingo Molnar , Alexei Starovoitov , Daniel Borkmann Cc: Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Shuah Khan , linux-kselftest@vger.kernel.org Subject: [PATCH bpf 4/4] bpf_trace: pass array of u64 values in kprobe_multi.addrs Message-ID: <20220516182754.GA30211@asgard.redhat.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.23 (2014-03-12) X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9 Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org With the interface as defined, it is impossible to pass 64-bit kernel addresses from a 32-bit userspace process in BPF_LINK_TYPE_KPROBE_MULTI, which severly limits the useability of the interface, change the ABI to accept an array of u64 values instead of (kernel? user?) longs. Interestingly, the rest of the libbpf infrastructure uses 64-bit values for kallsyms addresses already, so this patch also eliminates the sym_addr cast in tools/lib/bpf/libbpf.c:resolve_kprobe_multi_cb(). Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Fixes: 5117c26e877352bc ("libbpf: Add bpf_link_create support for multi kprobes") Fixes: ddc6b04989eb0993 ("libbpf: Add bpf_program__attach_kprobe_multi_opts function") Fixes: f7a11eeccb111854 ("selftests/bpf: Add kprobe_multi attach test") Fixes: 9271a0c7ae7a9147 ("selftests/bpf: Add attach test for bpf_program__attach_kprobe_multi_opts") Fixes: 2c6401c966ae1fbe ("selftests/bpf: Add kprobe_multi bpf_cookie test") Signed-off-by: Eugene Syromiatnikov --- kernel/trace/bpf_trace.c | 25 ++++++++++++++++++---- tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 8 +++---- tools/lib/bpf/libbpf.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- .../selftests/bpf/prog_tests/kprobe_multi_test.c | 2 +- 6 files changed, 29 insertions(+), 12 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 5b0cf54..86a5544 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2414,7 +2414,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr void __user *ucookies; unsigned long *addrs; u32 flags, cnt, size, cookies_size; - void __user *uaddrs; + u64 __user *uaddrs; u64 *cookies = NULL; void __user *usyms; int err; @@ -2447,9 +2447,26 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr return -ENOMEM; if (uaddrs) { - if (copy_from_user(addrs, uaddrs, size)) { - err = -EFAULT; - goto error; + if (sizeof(*addrs) == sizeof(*uaddrs)) { + if (copy_from_user(addrs, uaddrs, size)) { + err = -EFAULT; + goto error; + } + } else { + u32 i; + u64 addr; + + for (i = 0; i < cnt; i++) { + if (get_user(addr, uaddrs + i)) { + err = -EFAULT; + goto error; + } + if (addr > ULONG_MAX) { + err = -EINVAL; + goto error; + } + addrs[i] = addr; + } } } else { err = kprobe_multi_resolve_syms(usyms, cnt, addrs); diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index f4b4afb..f677602 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -417,7 +417,7 @@ struct bpf_link_create_opts { __u32 flags; __u32 cnt; const char **syms; - const unsigned long *addrs; + const __u64 *addrs; const __u64 *cookies; } kprobe_multi; }; diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 809fe20..03a14a6 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -10279,7 +10279,7 @@ static bool glob_match(const char *str, const char *pat) struct kprobe_multi_resolve { const char *pattern; - unsigned long *addrs; + __u64 *addrs; size_t cap; size_t cnt; }; @@ -10294,12 +10294,12 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type, if (!glob_match(sym_name, res->pattern)) return 0; - err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long), + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(__u64), res->cnt + 1); if (err) return err; - res->addrs[res->cnt++] = (unsigned long) sym_addr; + res->addrs[res->cnt++] = sym_addr; return 0; } @@ -10314,7 +10314,7 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog, }; struct bpf_link *link = NULL; char errmsg[STRERR_BUFSIZE]; - const unsigned long *addrs; + const __u64 *addrs; int err, link_fd, prog_fd; const __u64 *cookies; const char **syms; diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h index 05dde85..ec1cb61 100644 --- a/tools/lib/bpf/libbpf.h +++ b/tools/lib/bpf/libbpf.h @@ -431,7 +431,7 @@ struct bpf_kprobe_multi_opts { /* array of function symbols to attach */ const char **syms; /* array of function addresses to attach */ - const unsigned long *addrs; + const __u64 *addrs; /* array of user-provided values fetchable through bpf_get_attach_cookie */ const __u64 *cookies; /* number of elements in syms/addrs/cookies arrays */ diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c index 923a613..5aa482a 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c @@ -137,7 +137,7 @@ static void kprobe_multi_link_api_subtest(void) cookies[6] = 7; cookies[7] = 8; - opts.kprobe_multi.addrs = (const unsigned long *) &addrs; + opts.kprobe_multi.addrs = (const __u64 *) &addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); opts.kprobe_multi.cookies = (const __u64 *) &cookies; prog_fd = bpf_program__fd(skel->progs.test_kprobe); diff --git a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c index b9876b5..b58e2b0 100644 --- a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c @@ -105,7 +105,7 @@ static void test_link_api_addrs(void) GET_ADDR("bpf_fentry_test7", addrs[6]); GET_ADDR("bpf_fentry_test8", addrs[7]); - opts.kprobe_multi.addrs = (const unsigned long*) addrs; + opts.kprobe_multi.addrs = (const __u64 *) addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); test_link_api(&opts); }