From patchwork Fri Aug 23 18:48:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rome X-Patchwork-Id: 13775712 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mout.perfora.net (mout.perfora.net [74.208.4.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CB271925BA for ; Fri, 23 Aug 2024 18:49:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.208.4.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724438946; cv=none; b=ufsqv+XAxvWaB6wBzehjpAAW98qBUAEDJzmXeIFCeovDutrpBlR51PgW6VVZ2q1RHJ8JFVW1UkulAGTbFkZ6drUcTLOrE8G9fQO6z3b0GPbN0g2MGd1H3vClL4MmWzpsf6PopQWTZwy7vgDEiY+GT/TfKv7Zm0toq4yA8igQKuI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724438946; c=relaxed/simple; bh=i1SXIuLLVRq0155vBfKjP72yltycjWLUUmrA3n0jb/M=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=HPsouAbdODDbNlVlyJEBIb4hGh8nvQrISx9PesIg5uD6RY8LnB7W+QWkhz6oPFDRWKyTd4pE7sE5CZB6xouThC5wmNdb25sVNuh82FWHdrogDrok1zS0yuLAJAIHs9Fj1HdpEWfKCGomFTLzaY2SlPuOtARAT8hBjLqRHK0KuAA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jordanrome.com; spf=pass smtp.mailfrom=jordanrome.com; dkim=pass (2048-bit key) header.d=jordanrome.com header.i=linux@jordanrome.com header.b=xo1afidi; arc=none smtp.client-ip=74.208.4.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jordanrome.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=jordanrome.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jordanrome.com header.i=linux@jordanrome.com header.b="xo1afidi" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jordanrome.com; s=s1-ionos; t=1724438923; x=1725043723; i=linux@jordanrome.com; bh=z4MopIk5l/P6pVByP+hVPhniotnTONT4ah0PkETy5iM=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID: MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=xo1afidiP+STegWw2yFJHaJ8IDJxluQWjGt2FCNRhd89KFtFHNpgQr3tosDKEaEG 42EYKEmgLFbDQYG5Zn+ZCp/2Xq6t3sv18tAe43iHF0npzxnErqx6HVj6Ma0QvxXnP BAxv3vWITIV4zZ1zv9I1LQIF/KMtfARVn18l7LkbhHDvKmmtz+Iz74JcRnxh3sjIq YboIk6vNYulpWj6pPoT2jZFgOynEFrVygx8aS4o5pVo3MszVbTXIFCiyxa+DDrrGt sIQvIDzLF4k0rw2VhatPP3FuxDc2fmv2SKP8uHr2zmQ8Cranztra8RF0bhPGEV78a o+91LwtzzYu/R1q6Ew== X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6 Received: from localhost ([173.252.127.17]) by mrelay.perfora.net (mreueus004 [74.208.5.2]) with ESMTPSA (Nemesis) id 1MsIT8-1rouRs3QEM-00sm56; Fri, 23 Aug 2024 20:48:42 +0200 From: Jordan Rome To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Kernel Team , sinquersw@gmail.com Subject: [bpf-next v9 1/2] bpf: Add bpf_copy_from_user_str kfunc Date: Fri, 23 Aug 2024 11:48:22 -0700 Message-ID: <20240823184823.3236004-1-linux@jordanrome.com> X-Mailer: git-send-email 2.43.5 Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Provags-ID: V03:K1:heUjSv2JVH+t09sUy6OhG6X/w/ByHVdjuwzpbqG9dLGNPOkCiut oHh0Or8qEjqiuj2iuiEKtbaF1ZA2Lin0pSjCqgxm+eyJqD6chL/evcMyhTkoz5hiyU8OBn1 KHlrzt+6BgqwBpCJfyL8ooHje4mi+i+jJuyrnLk7IE4FEX2bIUwkyuwPpTHkB4+L3dT4voy Nc/w40eJA1nYfWo9F562g== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:vI/b3hgagaE=;izrbWsvx/YQtvhM1Dq+P+351f1/ bzNoWspy1wfBbiE98RHQALzsoU3HCuWVQPA2qjT1LPIVGSlEwFXg9Ifj1LweYYAzPoM5OIoIR 4T5tQjJpIrdHfCieMNK0tFJJ97rz5toqNQ5V5cT5WaQ1rdxa+zF2GPhJGLb6kh6eiPmP5C4Pg iF4xLAYMbhQH8mQGquFh17/cSjhHjwwg0FHppPDpLGT1D4wZZotETF22Zp6SZCoPeHvF0IS+8 ASdOMpJlhiKryEUuO3bq+TGuqJ5OaUgVx0WFQzsL7vuUIfBfl6eQBOef9VexyLQHX2+UaA1ml f1fjFIJiZNmItxl5vLV2P/ta2/nMYk8Sw+pIGBZiRNtO1rdC7xu2LJOQpl6P4BMT8BnGDQ5uT 75fN1fZj1s5V1anJgT/W7ESBsUyVcCQwhTRHjFVDY8RErwytE81F6wHOeAdkl0waLe0uzIlHa +Rj4D8YeDofX5rrgDPbk8o1vVSkNV9e0AkAa1o9NZXcghDMDecV+G+JQKtQLNcxRRskwVR1Oa eNTjv+JWZ+pPN3buUxSSs5vVWtAOaxc2FnG1QZEBC8HqiSa3wf1F9HNu+uU9KzcRyb7NwD7DQ 7eJZkScJfIrue3ya7K3yPw9HPzhnrF7tX44Xl6BtcSb+wmauhdADKZRO1tDFvcV/Yycw7Pn0o DaytS7kjVjHK4y0F3xs3DWhCmvFqBJWhGUGOEIHS6JVOtIfz6g/GBlu1IW4DCttHzEAIYIeV1 kv/8+3/2GYScwA5TJtawL21pl4mpMPPgA== X-Patchwork-Delegate: bpf@iogearbox.net This adds a kfunc wrapper around strncpy_from_user, which can be called from sleepable BPF programs. This matches the non-sleepable 'bpf_probe_read_user_str' helper except it includes an additional 'flags' param, which allows consumers to clear the entire destination buffer on success or failure. Signed-off-by: Jordan Rome --- include/uapi/linux/bpf.h | 9 ++++++++ kernel/bpf/helpers.c | 42 ++++++++++++++++++++++++++++++++++ tools/include/uapi/linux/bpf.h | 9 ++++++++ 3 files changed, 60 insertions(+) -- 2.43.5 diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index e05b39e39c3f..d015fdcdad3a 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -7513,4 +7513,13 @@ struct bpf_iter_num { __u64 __opaque[1]; } __attribute__((aligned(8))); +/* + * Flags to control bpf_copy_from_user_str() behaviour. + * - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective + * helper documentation for details.) + */ +enum bpf_kfunc_flags { + BPF_F_PAD_ZEROS = (1ULL << 0), +}; + #endif /* _UAPI__LINUX_BPF_H__ */ diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index d02ae323996b..5f065804c096 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -2939,6 +2939,47 @@ __bpf_kfunc void bpf_iter_bits_destroy(struct bpf_iter_bits *it) bpf_mem_free(&bpf_global_ma, kit->bits); } +/** + * bpf_copy_from_user_str() - Copy a string from an unsafe user address + * @dst: Destination address, in kernel space. This buffer must be at + * least @dst__sz bytes long. + * @dst__sz: Maximum number of bytes to copy, including the trailing NUL. + * @unsafe_ptr__ign: Source address, in user space. + * @flags: The only supported flag is BPF_F_PAD_ZEROS + * + * Copies a NUL-terminated string from userspace to BPF space. If user string is + * too long this will still ensure zero termination in the dst buffer unless + * buffer size is 0. + * + * If BPF_F_PAD_ZEROS flag is set, memset the tail of @dst to 0 on success and + * memset all of @dst on failure. + */ +__bpf_kfunc int bpf_copy_from_user_str(void *dst, u32 dst__sz, const void __user *unsafe_ptr__ign, u64 flags) +{ + int ret; + + if (unlikely(flags & ~BPF_F_PAD_ZEROS)) + return -EINVAL; + + if (unlikely(!dst__sz)) + return 0; + + ret = strncpy_from_user(dst, unsafe_ptr__ign, dst__sz - 1); + if (ret < 0) { + if (flags & BPF_F_PAD_ZEROS) + memset((char *)dst, 0, dst__sz); + + return ret; + } + + if (flags & BPF_F_PAD_ZEROS) + memset((char *)dst + ret, 0, dst__sz - ret); + else + ((char *)dst)[ret] = '\0'; + + return ret + 1; +} + __bpf_kfunc_end_defs(); BTF_KFUNCS_START(generic_btf_ids) @@ -3024,6 +3065,7 @@ BTF_ID_FLAGS(func, bpf_preempt_enable) BTF_ID_FLAGS(func, bpf_iter_bits_new, KF_ITER_NEW) BTF_ID_FLAGS(func, bpf_iter_bits_next, KF_ITER_NEXT | KF_RET_NULL) BTF_ID_FLAGS(func, bpf_iter_bits_destroy, KF_ITER_DESTROY) +BTF_ID_FLAGS(func, bpf_copy_from_user_str, KF_SLEEPABLE) BTF_KFUNCS_END(common_btf_ids) static const struct btf_kfunc_id_set common_kfunc_set = { diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index e05b39e39c3f..d015fdcdad3a 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -7513,4 +7513,13 @@ struct bpf_iter_num { __u64 __opaque[1]; } __attribute__((aligned(8))); +/* + * Flags to control bpf_copy_from_user_str() behaviour. + * - BPF_F_PAD_ZEROS: Pad destination buffer with zeros. (See the respective + * helper documentation for details.) + */ +enum bpf_kfunc_flags { + BPF_F_PAD_ZEROS = (1ULL << 0), +}; + #endif /* _UAPI__LINUX_BPF_H__ */ From patchwork Fri Aug 23 18:48:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rome X-Patchwork-Id: 13775711 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mout.perfora.net (mout.perfora.net [74.208.4.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CADA1925B9 for ; Fri, 23 Aug 2024 18:49:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.208.4.196 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724438946; cv=none; b=b2iI482/TC7zwJkVLz15yxcnnNIqfjv9+sKozCgCw2q5eK//UHKGD7xn7HP9MVcneLhAbnh5VCo3GiIm22Nu9MBHidrvNoxGffJ0urszZ52/Hm5wK4u35M8y3+HiumTh4t0LetN9jDOTlWKqKOzT+fV/3b1hxnopdTm+ioQdRWc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724438946; c=relaxed/simple; bh=NQPN4W6/rLTlef9kXZtkOL2YDXoMAchcbZzQZ7M5zSo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=guE3z4Qx5T45yOSx3wyqLcfcWUnaJhiKaeUVu+SNTAb6budVVX0JSfcZ8RBF1ZVFaYbISXP/ZqRz/8dxzuhxaEoOS7ocdGAam5mvMyyddSdK8I56ZnKdURt9gg2UsVwyLiKp5TNiuPgToMPDv/i4Emqffe1DyrSQX5UMT9tzz0c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jordanrome.com; spf=pass smtp.mailfrom=jordanrome.com; dkim=pass (2048-bit key) header.d=jordanrome.com header.i=linux@jordanrome.com header.b=eyocGSdI; arc=none smtp.client-ip=74.208.4.196 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jordanrome.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=jordanrome.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jordanrome.com header.i=linux@jordanrome.com header.b="eyocGSdI" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jordanrome.com; s=s1-ionos; t=1724438927; x=1725043727; i=linux@jordanrome.com; bh=dhohmZQQKi8SDS9l0p25MKao6cZ1ghMcWn8pOREp6Rc=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:Message-ID:In-Reply-To: References:MIME-Version:Content-Transfer-Encoding:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=eyocGSdIGxGSLvrGmGb/gfarpW9puZNInXiJG0qiT9BGTMplwCaxM3lHP5yYpUdy nr+j1KPancwu6QQ5g7BiXA/znVwJSuS9ceKkKsS55MA9kdUjou/OUosuz/MwGA0b8 STpD/Lnzmqh5hA+ZTJswyt0MCv0uZkEgkZTSo/jvvIYOqyaTe04TfUXxblmqNEzEt XhxqdMNelIF3YTPonGbvpopJB0SCDE746ykA8y2F9dJgiW5KN/rSwmRl450RGzcNf XYX6maeMNNagk3dpIri7MOmUtjNzLWPlAq3Y40I91OKxjcmra3TwZ2a7JppKXP+4j gmxVD5qohrEhl4AC8A== X-UI-Sender-Class: 55c96926-9e95-11ee-ae09-1f7a4046a0f6 Received: from localhost ([173.252.127.11]) by mrelay.perfora.net (mreueus003 [74.208.5.2]) with ESMTPSA (Nemesis) id 0MH1qm-1svKzk3vxS-008hX8; Fri, 23 Aug 2024 20:48:47 +0200 From: Jordan Rome To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Kernel Team , sinquersw@gmail.com Subject: [bpf-next v9 2/2] bpf: Add tests for bpf_copy_from_user_str kfunc Date: Fri, 23 Aug 2024 11:48:23 -0700 Message-ID: <20240823184823.3236004-2-linux@jordanrome.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20240823184823.3236004-1-linux@jordanrome.com> References: <20240823184823.3236004-1-linux@jordanrome.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Provags-ID: V03:K1:x+LB955B1CxBVMLWQFdhI+tTS4eLaHc7vldn7SPGBx0goAhIDb7 Pw7AVvDC9nnXhOFt0gdN75LbpfRfkb4v8arWJNrt72/mCfVqkn6m3wY2/R8ASK5ErftaEks 3Y0MDAymvEysW2NZ0zRO1FJnowvcjIEzMa+p/r2C6kOqyZu15Inj0ebQBxB/d1KoWiYSxVK H1NPoaoz2381nrpVLeyGg== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:96bNlISd0GE=;W/mj1Yc8EemRBprIXMgBlrQPUtd 8xCx7EA53/zigvq+uUGXl58P/oe6gNny7uY2Irwrf7tIU4GA47GWc+G5enI0t1Vy9fgcOWRB9 Hg1kq1CWncKDv8UcJ5AcYxGkoI+XOlGzrT1Px3XnbTNl3lNylXniv9PD90c0dIw40bZhgzChV fe7x1PA5ja55HOfyv5V6TQJlgAfsxrr0kK+/EKhCHByUxCjRwls9d5Xhd0Z2lmkwV1/fYMn9d 0mibPRR2A5rrTZ6Y0QlWrvx/aKJacj+CxEGXmxuIAMMbsiqtbtj3WCBABcPQKYTFKe7YZ6jCe CWWppH1GE5LG1loSAtIi0UdqXywY4bLCxMAZYti1QKR9sB4uG9bdo+eS0QclfBfGl1gn2671c nbcNiah9DTjUxcEImcELCXAkMJwtpzVzf9TBooToyuJRiUyRsYolXIA9LWKV7bSEfVGidclsl /A+wUHUV2M+kfAWZjpv9J7y9fSVE7qBqGcnm1r7bao8kvVrjjl0LWl0WngCM7xlSAO1hdgMki RiQi5NATXeJw+FU7WV2X2XnDYzgssi+CS6zdCN1hkiji9yXzSVQ+Y5cdJNxGmMFNH2jVEoX3E /JOSGKcdxx9qBSdeNv0U5ylmrYBwJdh2K7SulKyeb4UD/sG5WEQ5kBINed+uB4dbFZxuOoyKk yzFhLSNODp2s4xpF7YG7CyxETJsCZjkSC5JIrP9a0djvBq6pvhylQSqddFUjNZlt/krTaVl6J TdX3NkaWnFWDuhku0Cu6UXno5U9Y8nuUg== X-Patchwork-Delegate: bpf@iogearbox.net This adds tests for both the happy path and the error path. Signed-off-by: Jordan Rome --- .../selftests/bpf/prog_tests/attach_probe.c | 8 ++- .../selftests/bpf/prog_tests/read_vsyscall.c | 1 + .../selftests/bpf/progs/read_vsyscall.c | 9 ++- .../selftests/bpf/progs/test_attach_probe.c | 64 ++++++++++++++++++- 4 files changed, 75 insertions(+), 7 deletions(-) -- 2.43.5 diff --git a/tools/testing/selftests/bpf/prog_tests/attach_probe.c b/tools/testing/selftests/bpf/prog_tests/attach_probe.c index 7175af39134f..329c7862b52d 100644 --- a/tools/testing/selftests/bpf/prog_tests/attach_probe.c +++ b/tools/testing/selftests/bpf/prog_tests/attach_probe.c @@ -283,9 +283,11 @@ static void test_uprobe_sleepable(struct test_attach_probe *skel) trigger_func3(); ASSERT_EQ(skel->bss->uprobe_byname3_sleepable_res, 9, "check_uprobe_byname3_sleepable_res"); - ASSERT_EQ(skel->bss->uprobe_byname3_res, 10, "check_uprobe_byname3_res"); - ASSERT_EQ(skel->bss->uretprobe_byname3_sleepable_res, 11, "check_uretprobe_byname3_sleepable_res"); - ASSERT_EQ(skel->bss->uretprobe_byname3_res, 12, "check_uretprobe_byname3_res"); + ASSERT_EQ(skel->bss->uprobe_byname3_str_sleepable_res, 10, "check_uprobe_byname3_str_sleepable_res"); + ASSERT_EQ(skel->bss->uprobe_byname3_res, 11, "check_uprobe_byname3_res"); + ASSERT_EQ(skel->bss->uretprobe_byname3_sleepable_res, 12, "check_uretprobe_byname3_sleepable_res"); + ASSERT_EQ(skel->bss->uretprobe_byname3_str_sleepable_res, 13, "check_uretprobe_byname3_str_sleepable_res"); + ASSERT_EQ(skel->bss->uretprobe_byname3_res, 14, "check_uretprobe_byname3_res"); } void test_attach_probe(void) diff --git a/tools/testing/selftests/bpf/prog_tests/read_vsyscall.c b/tools/testing/selftests/bpf/prog_tests/read_vsyscall.c index 3405923fe4e6..c7b9ba8b1d06 100644 --- a/tools/testing/selftests/bpf/prog_tests/read_vsyscall.c +++ b/tools/testing/selftests/bpf/prog_tests/read_vsyscall.c @@ -23,6 +23,7 @@ struct read_ret_desc { { .name = "probe_read_user_str", .ret = -EFAULT }, { .name = "copy_from_user", .ret = -EFAULT }, { .name = "copy_from_user_task", .ret = -EFAULT }, + { .name = "copy_from_user_str", .ret = -EFAULT }, }; void test_read_vsyscall(void) diff --git a/tools/testing/selftests/bpf/progs/read_vsyscall.c b/tools/testing/selftests/bpf/progs/read_vsyscall.c index 986f96687ae1..39ebef430059 100644 --- a/tools/testing/selftests/bpf/progs/read_vsyscall.c +++ b/tools/testing/selftests/bpf/progs/read_vsyscall.c @@ -1,5 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 /* Copyright (C) 2024. Huawei Technologies Co., Ltd */ +#include "vmlinux.h" #include #include @@ -7,10 +8,15 @@ int target_pid = 0; void *user_ptr = 0; -int read_ret[8]; +int read_ret[9]; char _license[] SEC("license") = "GPL"; +/* + * This is the only kfunc, the others are helpers + */ +int bpf_copy_from_user_str(void *dst, u32, const void *, u64) __weak __ksym; + SEC("fentry/" SYS_PREFIX "sys_nanosleep") int do_probe_read(void *ctx) { @@ -40,6 +46,7 @@ int do_copy_from_user(void *ctx) read_ret[6] = bpf_copy_from_user(buf, sizeof(buf), user_ptr); read_ret[7] = bpf_copy_from_user_task(buf, sizeof(buf), user_ptr, bpf_get_current_task_btf(), 0); + read_ret[8] = bpf_copy_from_user_str((char *)buf, sizeof(buf), user_ptr, 0); return 0; } diff --git a/tools/testing/selftests/bpf/progs/test_attach_probe.c b/tools/testing/selftests/bpf/progs/test_attach_probe.c index 68466a6ad18c..0b16502726f8 100644 --- a/tools/testing/selftests/bpf/progs/test_attach_probe.c +++ b/tools/testing/selftests/bpf/progs/test_attach_probe.c @@ -5,6 +5,7 @@ #include #include #include +#include #include "bpf_misc.h" int kprobe2_res = 0; @@ -14,10 +15,15 @@ int uretprobe_byname_res = 0; int uprobe_byname2_res = 0; int uretprobe_byname2_res = 0; int uprobe_byname3_sleepable_res = 0; +int uprobe_byname3_str_sleepable_res = 0; int uprobe_byname3_res = 0; int uretprobe_byname3_sleepable_res = 0; +int uretprobe_byname3_str_sleepable_res = 0; int uretprobe_byname3_res = 0; void *user_ptr = 0; +u32 dynamic_sz = 1; + +int bpf_copy_from_user_str(void *dst, u32, const void *, u64) __weak __ksym; SEC("ksyscall/nanosleep") int BPF_KSYSCALL(handle_kprobe_auto, struct __kernel_timespec *req, struct __kernel_timespec *rem) @@ -87,11 +93,61 @@ static __always_inline bool verify_sleepable_user_copy(void) return bpf_strncmp(data, sizeof(data), "test_data") == 0; } +static __always_inline bool verify_sleepable_user_copy_str(void) +{ + int ret; + char data_long[20]; + char data_long_pad[20]; + char data_long_err[20]; + char data_short[4]; + char data_short_pad[4]; + + ret = bpf_copy_from_user_str(data_short, sizeof(data_short), user_ptr, 0); + + if (bpf_strncmp(data_short, 4, "tes\0") != 0 || ret != 4) + return false; + + ret = bpf_copy_from_user_str(data_short_pad, sizeof(data_short_pad), user_ptr, BPF_F_PAD_ZEROS); + + if (bpf_strncmp(data_short, 4, "tes\0") != 0 || ret != 4) + return false; + + // Make sure this passes the verifier + ret = bpf_copy_from_user_str(data_long, dynamic_sz &= sizeof(data_long), user_ptr, 0); + + if (ret != 0) + return false; + + ret = bpf_copy_from_user_str(data_long, sizeof(data_long), user_ptr, 0); + + if (bpf_strncmp(data_long, 10, "test_data\0") != 0 || ret != 10) + return false; + + ret = bpf_copy_from_user_str(data_long_pad, sizeof(data_long_pad), user_ptr, BPF_F_PAD_ZEROS); + + if (bpf_strncmp(data_long_pad, 10, "test_data\0") != 0 || ret != 10 || data_long_pad[19] != '\0') + return false; + + ret = bpf_copy_from_user_str(data_long_err, sizeof(data_long_err), (void *)data_long, BPF_F_PAD_ZEROS); + + if (ret > 0 || data_long_err[19] != '\0') + return false; + + ret = bpf_copy_from_user_str(data_long, sizeof(data_long), user_ptr, 2); + + if (ret != -EINVAL) + return false; + + return true; +} + SEC("uprobe.s//proc/self/exe:trigger_func3") int handle_uprobe_byname3_sleepable(struct pt_regs *ctx) { if (verify_sleepable_user_copy()) uprobe_byname3_sleepable_res = 9; + if (verify_sleepable_user_copy_str()) + uprobe_byname3_str_sleepable_res = 10; return 0; } @@ -102,7 +158,7 @@ int handle_uprobe_byname3_sleepable(struct pt_regs *ctx) SEC("uprobe//proc/self/exe:trigger_func3") int handle_uprobe_byname3(struct pt_regs *ctx) { - uprobe_byname3_res = 10; + uprobe_byname3_res = 11; return 0; } @@ -110,14 +166,16 @@ SEC("uretprobe.s//proc/self/exe:trigger_func3") int handle_uretprobe_byname3_sleepable(struct pt_regs *ctx) { if (verify_sleepable_user_copy()) - uretprobe_byname3_sleepable_res = 11; + uretprobe_byname3_sleepable_res = 12; + if (verify_sleepable_user_copy_str()) + uretprobe_byname3_str_sleepable_res = 13; return 0; } SEC("uretprobe//proc/self/exe:trigger_func3") int handle_uretprobe_byname3(struct pt_regs *ctx) { - uretprobe_byname3_res = 12; + uretprobe_byname3_res = 14; return 0; }