On Sat, Aug 17, 2024 at 5:24 PM Jordan Rome <linux@xxxxxxxxxxxxxx> wrote:
>
> This adds a kfunc wrapper around strncpy_from_user,
> which can be called from sleepable BPF programs.
>
> This matches the non-sleepable 'bpf_probe_read_user_str'
> helper except it includes an additional 'flags'
> param, which allows consumers to clear the entire
> destination buffer on success.
>
> Signed-off-by: Jordan Rome <linux@xxxxxxxxxxxxxx>
> ---
> include/uapi/linux/bpf.h | 8 +++++++
> kernel/bpf/helpers.c | 44 ++++++++++++++++++++++++++++++++++
> tools/include/uapi/linux/bpf.h | 8 +++++++
> 3 files changed, 60 insertions(+)
>
LGTM overall, with the issues pointed out below:
Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index e05b39e39c3f..5e6be3489e43 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -7513,4 +7513,12 @@ struct bpf_iter_num {
> __u64 __opaque[1];
> } __attribute__((aligned(8)));
>
> +/*
> + * Flags to control bpf_copy_from_user_str() behaviour.
> + * - BPF_F_PAD_ZEROS: Memset 0 the tail of the destination buffer on success
I suspect we might want to reuse this flag for similar kfuncs/helpers
in the future, so I'd generalize description a bit. How about
something like:
BPF_F_PAD_ZEROS: pad destination buffer with zeros. (See respective
helpers documentation for exact details.)
> + */
> +enum {
> + BPF_F_PAD_ZEROS = (1ULL << 0)
> +};
> +
> #endif /* _UAPI__LINUX_BPF_H__ */
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index d02ae323996b..a0d2cc8f4f3f 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -2939,6 +2939,49 @@ __bpf_kfunc void bpf_iter_bits_destroy(struct bpf_iter_bits *it)
> bpf_mem_free(&bpf_global_ma, kit->bits);
> }
>
> +/**
> + * bpf_copy_from_user_str() - Copy a string from an unsafe user address
> + * @dst: Destination address, in kernel space. This buffer must be at
> + * least @dst__szk bytes long.
> + * @dst__szk: Maximum number of bytes to copy, including the trailing NUL.
> + * @unsafe_ptr__ign: Source address, in user space.
> + * @flags: The only supported flag is BPF_F_PAD_ZEROS
> + *
> + * Copies a NUL-terminated string from userspace to BPF space. If user string is
> + * too long this will still ensure zero termination in the dst buffer unless
> + * buffer size is 0.
> + *
> + * If BPF_F_PAD_ZEROS flag is set, memset the tail of @dst to 0 on success and
> + * memset all of @dst on failure.
> + */
> +__bpf_kfunc int bpf_copy_from_user_str(void *dst, u32 dst__szk, const void __user *unsafe_ptr__ign, u64 flags)
> +{
> + int ret;
> +
> + if (unlikely(!dst__szk))
> + return 0;
> +
> + if (unlikely(flags & ~BPF_F_PAD_ZEROS))
> + return -EINVAL;
> +
let's move this up before dst__szk check, invalid flags should be
rejected regardless of dst__szk
pw-bot: cr
> + ret = strncpy_from_user(dst, unsafe_ptr__ign, dst__szk - 1);
> + if (ret < 0) {
> + if (flags & BPF_F_PAD_ZEROS)
> + memset((char *)dst, 0, dst__szk);
> +
> + return ret;
> + }
> +
> + if (flags & BPF_F_PAD_ZEROS)
> + memset((char *)dst + ret, 0, dst__szk - ret);
> + else
> + ((char *)dst)[ret] = '\0';
> +
> + ret++;
> +
> + return ret;
nit: return ret + 1;
> +}
> +
> __bpf_kfunc_end_defs();
>
> BTF_KFUNCS_START(generic_btf_ids)
> @@ -3024,6 +3067,7 @@ BTF_ID_FLAGS(func, bpf_preempt_enable)
> BTF_ID_FLAGS(func, bpf_iter_bits_new, KF_ITER_NEW)
> BTF_ID_FLAGS(func, bpf_iter_bits_next, KF_ITER_NEXT | KF_RET_NULL)
> BTF_ID_FLAGS(func, bpf_iter_bits_destroy, KF_ITER_DESTROY)
> +BTF_ID_FLAGS(func, bpf_copy_from_user_str, KF_SLEEPABLE)
> BTF_KFUNCS_END(common_btf_ids)
>
> static const struct btf_kfunc_id_set common_kfunc_set = {
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index e05b39e39c3f..a8dcb99ed904 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -7513,4 +7513,12 @@ struct bpf_iter_num {
> __u64 __opaque[1];
> } __attribute__((aligned(8)));
>
> +/*
> + * Flags to control bpf_copy_from_user_str() behaviour.
> + * - BPF_F_PAD_ZEROS: Memset 0 the entire destination buffer on success
> + */
> +enum {
> + BPF_F_PAD_ZEROS = (1ULL << 0)
> +};
> +
> #endif /* _UAPI__LINUX_BPF_H__ */
> --
> 2.43.5
>
