On Mon, Aug 12, 2024 at 11:55 AM Kui-Feng Lee <sinquersw@xxxxxxxxx> wrote:
>
>
>
> On 8/11/24 16:54, Jordan Rome wrote:
> > This adds a kfunc wrapper around strncpy_from_user,
> > which can be called from sleepable BPF programs.
> >
> > This matches the non-sleepable 'bpf_probe_read_user_str'
> > helper.
> >
> > Signed-off-by: Jordan Rome <linux@xxxxxxxxxxxxxx>
> > ---
> > kernel/bpf/helpers.c | 32 ++++++++++++++++++++++++++++++++
> > 1 file changed, 32 insertions(+)
> >
> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> > index d02ae323996b..5eeb7c2ca622 100644
> > --- a/kernel/bpf/helpers.c
> > +++ b/kernel/bpf/helpers.c
> > @@ -2939,6 +2939,37 @@ __bpf_kfunc void bpf_iter_bits_destroy(struct bpf_iter_bits *it)
> > bpf_mem_free(&bpf_global_ma, kit->bits);
> > }
> >
> > +/**
> > + * bpf_copy_from_user_str() - Copy a string from an unsafe user address
> > + * @dst: Destination address, in kernel space. This buffer must be at
> > + * least @dst__szk bytes long.
> > + * @dst__szk: Maximum number of bytes to copy, including the trailing NUL.
> > + * @unsafe_ptr__ign: Source address, in user space.
> > + *
> > + * Copies a NUL-terminated string from userspace to BPF space. If user string is
> > + * too long this will still ensure zero termination in the dst buffer unless
> > + * buffer size is 0.
> > + */
> > +__bpf_kfunc int bpf_copy_from_user_str(void *dst, u32 dst__szk, const void __user *unsafe_ptr__ign)
> > +{
> > + int ret;
> > +
> > + if (unlikely(!dst__szk))
> > + return 0;
> > +
> > + ret = strncpy_from_user(dst, unsafe_ptr__ign, dst__szk);
> > + if (unlikely(ret < 0)) {
> > + memset(dst, 0, dst__szk);
> > + } else if (ret >= dst__szk) {
> > + ret = dst__szk;
> > + ((char *)dst)[ret - 1] = '\0';
> > + } else if (ret > 0) {
> > + ret++;
>
> I prefer to keep consistent with strncpy_from_user().
> Considering ret >= dst__szk, it is not actually copying dst__szk bytes.
> The last byte is generated by this function, not copying from
> the source buffer.
>
> Copying at most dst__szk - 1 bytes is more concise.
> The code could be simpler with this concept.
>
> ret = strncpy_from_user(dst, unsafe_ptr__ign, dst_szk - 1);
> ((char *)dst)[max(ret, 0)] = 0;
>
> WDYT?
>
Makes sense. No need to copy extra data if we're just going to overwrite it.
> > + }
> > +
> > + return ret;
> > +}
> > +
> > __bpf_kfunc_end_defs();
> >
> > BTF_KFUNCS_START(generic_btf_ids)
> > @@ -3024,6 +3055,7 @@ BTF_ID_FLAGS(func, bpf_preempt_enable)
> > BTF_ID_FLAGS(func, bpf_iter_bits_new, KF_ITER_NEW)
> > BTF_ID_FLAGS(func, bpf_iter_bits_next, KF_ITER_NEXT | KF_RET_NULL)
> > BTF_ID_FLAGS(func, bpf_iter_bits_destroy, KF_ITER_DESTROY)
> > +BTF_ID_FLAGS(func, bpf_copy_from_user_str, KF_SLEEPABLE)
> > BTF_KFUNCS_END(common_btf_ids)
> >
> > static const struct btf_kfunc_id_set common_kfunc_set = {
> > --
> > 2.44.1
> >
