On Mon, Sep 30, 2024 at 11:59:20PM +0000, tyrone-wu wrote: > Previously when retrieving `bpf_link_info.perf_event` for > kprobe/uprobe/tracepoint, the `name_len` field was not populated by the > kernel, leaving it to reflect the value initially set by the user. This > behavior was inconsistent with how other input/output string buffer > fields function (e.g. `raw_tracepoint.tp_name_len`). > > This patch fills `name_len` with the actual size of the string name. The > relevant selftests have also been updated to assert that `name_len` > contains the correct size rather than 0. > > Link: https://lore.kernel.org/bpf/CABVU1kXwQXhqQGe0RTrr7eegtM6SVW_KayZBy16-yb0Snztmtg@xxxxxxxxxxxxxx/ > Fixes: 1b715e1b0ec5 ("bpf: Support ->fill_link_info for perf_event") > Signed-off-by: tyrone-wu <wudevelops@xxxxxxxxx> > --- > kernel/bpf/syscall.c | 25 +++++++++++++------ > .../selftests/bpf/prog_tests/fill_link_info.c | 6 ++--- > 2 files changed, 20 insertions(+), 11 deletions(-) > > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c > index a8f1808a1ca5..90b6add4d0c9 100644 > --- a/kernel/bpf/syscall.c > +++ b/kernel/bpf/syscall.c > @@ -3565,7 +3565,7 @@ static void bpf_perf_link_dealloc(struct bpf_link *link) > } > > static int bpf_perf_link_fill_common(const struct perf_event *event, > - char __user *uname, u32 ulen, > + char __user *uname, u32 *ulen, > u64 *probe_offset, u64 *probe_addr, > u32 *fd_type, unsigned long *missed) > { > @@ -3574,18 +3574,20 @@ static int bpf_perf_link_fill_common(const struct perf_event *event, > size_t len; > int err; > > - if (!ulen ^ !uname) > + if (!(*ulen) ^ !uname) > return -EINVAL; > > err = bpf_get_perf_event_info(event, &prog_id, fd_type, &buf, > probe_offset, probe_addr, missed); > if (err) > return err; > + > + len = strlen(buf); > + *ulen = len + 1; I think before you overwrite *ulen with actual name lenth you should store its value and use it in bpf_copy_to_user, otherwise we could overwrite user space memory that we are not supposed to jirka > if (!uname) > return 0; > if (buf) { > - len = strlen(buf); > - err = bpf_copy_to_user(uname, buf, ulen, len); > + err = bpf_copy_to_user(uname, buf, *ulen, len); > if (err) > return err; > } else { > @@ -3609,7 +3611,7 @@ static int bpf_perf_link_fill_kprobe(const struct perf_event *event, > > uname = u64_to_user_ptr(info->perf_event.kprobe.func_name); > ulen = info->perf_event.kprobe.name_len; > - err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr, > + err = bpf_perf_link_fill_common(event, uname, &ulen, &offset, &addr, > &type, &missed); > if (err) > return err; SNIP
