On Mon, Mar 11, 2024 at 7:48 AM Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> On Mon, 2024-03-11 at 21:16 +0800, Edward Adam Davis wrote:
> > Check the first char of the BTF DATASEC names.
> >
> > Fixes: bd70a8fb7ca4 ("bpf: Allow all printable characters in BTF DATASEC names")
> > Reported-and-tested-by: syzbot+cc32304f6487ebff9b70@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Signed-off-by: Edward Adam Davis <eadavis@xxxxxx>
> > ---
> > kernel/bpf/btf.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> > index 170d017e8e4a..dda0aa0d7175 100644
> > --- a/kernel/bpf/btf.c
> > +++ b/kernel/bpf/btf.c
> > @@ -816,6 +816,8 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
> > const char *src = btf_str_by_offset(btf, offset);
> > const char *src_limit;
> >
> > + if (!isprint(*src))
> > + return false;
> > /* set a limit on identifier length */
> > src_limit = src + KSYM_NAME_LEN;
> > src++;
>
> Hi Edward,
>
> Thank you for fixing this.
> I wonder, maybe something like below would be simpler?
>
> Thanks,
> Eduard
>
> ---
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 170d017e8e4a..3d95d5398c8a 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -818,7 +818,6 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
>
> /* set a limit on identifier length */
> src_limit = src + KSYM_NAME_LEN;
> - src++;
ah, __btf_name_valid() has a separate __btf_name_char_ok(*src, true)
check and then skips first character :(
What Eduard proposes makes sense, we shouldn't advance src before the loop.
Eduard, I'd also say we should make __btf_name_valid() a bit more
uniform by dropping that first if and then doing
if (!__btf_name_char_ok(*src, src == src_orig))
return false;
where we just remember original string pointer in src_orig.
WDYT?
> while (*src && src < src_limit) {
> if (!isprint(*src))
> return false;
>
