Patch "bpf: fix multi-uprobe PID filtering logic" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    bpf: fix multi-uprobe PID filtering logic

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-multi-uprobe-pid-filtering-logic.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e64fb4a765c5dfb1cd0b26f2df392c89a00ff04d
Author: Andrii Nakryiko <andrii@xxxxxxxxxx>
Date:   Tue May 21 09:33:57 2024 -0700

    bpf: fix multi-uprobe PID filtering logic
    
    [ Upstream commit 46ba0e49b64232adac35a2bc892f1710c5b0fb7f ]
    
    Current implementation of PID filtering logic for multi-uprobes in
    uprobe_prog_run() is filtering down to exact *thread*, while the intent
    for PID filtering is to filter by *process* instead. The check in
    uprobe_prog_run() also differs from the analogous one in
    uprobe_multi_link_filter() for some reason. The latter is correct,
    checking task->mm, not the task itself.
    
    Fix the check in uprobe_prog_run() to perform the same task->mm check.
    
    While doing this, we also update get_pid_task() use to use PIDTYPE_TGID
    type of lookup, given the intent is to get a representative task of an
    entire process. This doesn't change behavior, but seems more logical. It
    would hold task group leader task now, not any random thread task.
    
    Last but not least, given multi-uprobe support is half-broken due to
    this PID filtering logic (depending on whether PID filtering is
    important or not), we need to make it easy for user space consumers
    (including libbpf) to easily detect whether PID filtering logic was
    already fixed.
    
    We do it here by adding an early check on passed pid parameter. If it's
    negative (and so has no chance of being a valid PID), we return -EINVAL.
    Previous behavior would eventually return -ESRCH ("No process found"),
    given there can't be any process with negative PID. This subtle change
    won't make any practical change in behavior, but will allow applications
    to detect PID filtering fixes easily. Libbpf fixes take advantage of
    this in the next patch.
    
    Cc: stable@xxxxxxxxxxxxxxx
    Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>
    Fixes: b733eeade420 ("bpf: Add pid filter support for uprobe_multi link")
    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240521163401.3005045-2-andrii@xxxxxxxxxx
    Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 8edbafe0d4cdf..cc29bf49f7159 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3099,7 +3099,7 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
 	struct bpf_run_ctx *old_run_ctx;
 	int err = 0;
 
-	if (link->task && current != link->task)
+	if (link->task && current->mm != link->task->mm)
 		return 0;
 
 	if (sleepable)
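Review bot: the new `current->mm != link->task->mm` test reads `link->task->mm` without `task_lock`, and that pointer is set to NULL once the referenced task has gone through exit_mm(); since `link->task` is the group leader after this patch, a leader that exits early (pthread_exit() from the main thread) while its siblings keep running makes the filter silently drop every event for the process, because `current->mm` is never NULL in uprobe context. uprobe_multi_link_filter() already has the same property, so this is not a regression introduced here, but the fact that the filter stops matching after the leader exits deserves a comment above the test, and a follow-up could pin the mm at attach time (mmgrab()/mmdrop()) and compare against that instead of the task's live mm pointer.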
@@ -3200,8 +3200,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
 	upath = u64_to_user_ptr(attr->link_create.uprobe_multi.path);
 	uoffsets = u64_to_user_ptr(attr->link_create.uprobe_multi.offsets);
 	cnt = attr->link_create.uprobe_multi.cnt;
+	pid = attr->link_create.uprobe_multi.pid;
 
-	if (!upath || !uoffsets || !cnt)
+	if (!upath || !uoffsets || !cnt || pid < 0)
 		return -EINVAL;
 	if (cnt > MAX_UPROBE_MULTI_CNT)
 		return -E2BIG;
@@ -3225,10 +3226,9 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
 		goto error_path_put;
 	}
 
-	pid = attr->link_create.uprobe_multi.pid;
 	if (pid) {
 		rcu_read_lock();
-		task = get_pid_task(find_vpid(pid), PIDTYPE_PID);
+		task = get_pid_task(find_vpid(pid), PIDTYPE_TGID);
 		rcu_read_unlock();
 		if (!task) {
 			err = -ESRCH;
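Review bot: switching get_pid_task() to PIDTYPE_TGID is a user-visible change even though the message says behavior is unchanged: pid_task(pid, PIDTYPE_TGID) resolves only pids that are thread-group leaders, so a caller that passes a worker thread's TID (gettid() from a non-main thread) now gets -ESRCH here where it previously got a link filtered to that thread. That is arguably the right outcome for a process-level filter, but it should be stated in the commit message and in the uapi comment for `uprobe_multi.pid` so that callers know to pass the TGID.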
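The commit message describes a detection hook rather than showing how to use it. The following is an added example, not part of the patch, of the kernel or of libbpf: a small user-space probe that tells whether the running kernel carries this fix by issuing BPF_LINK_CREATE with BPF_TRACE_UPROBE_MULTI and a negative pid, then reading EINVAL as "fixed" and ESRCH as "not fixed". It assumes CAP_BPF and CAP_PERFMON (or root), 6.6+ uapi headers, that a kernel with multi-uprobe support answers EBADF for a non-regular target such as "/" (used as the support pre-check so an older kernel's EINVAL is not misread as the fix), and that "/proc/self/exe" is an acceptable regular-file target; none of those details come from the page.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
/* Only build the syscall part when the uapi headers know uprobe_multi (6.6+). */
#ifdef __has_include
#if __has_include(<linux/bpf.h>) && __has_include(<linux/version.h>)
#include <linux/bpf.h>
#include <linux/version.h>
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 6, 0)
#define HAVE_UPROBE_MULTI_UAPI 1
#endif
#endif
#endif

enum pid_filter_state {
	PID_FILTER_FIXED,   /* EINVAL: the early "pid < 0" check is present */
	PID_FILTER_BROKEN,  /* ESRCH: the kernel went on to look the pid up */
	PID_FILTER_UNKNOWN, /* the probe never reached the pid check */
};

/* Interpret the negative-pid BPF_LINK_CREATE outcome (rc 0 = attached, -1 = failed
 * with err). Pure, so it can be tested without privileges. */
enum pid_filter_state classify_link_create(int rc, int err)
{
	if (rc == 0)
		return PID_FILTER_UNKNOWN; /* a negative pid must never attach */
	if (err == EINVAL)
		return PID_FILTER_FIXED;
	if (err == ESRCH)
		return PID_FILTER_BROKEN;
	return PID_FILTER_UNKNOWN; /* EPERM, ENOSYS, EBADF, ENOENT, ... */
}

#ifdef HAVE_UPROBE_MULTI_UAPI
/* Smallest kprobe-type program ("r0 = 0; exit") declared for multi-uprobe attachment. */
static int load_probe_prog(void)
{
	struct bpf_insn insns[2] = {
		{ .code = BPF_ALU64 | BPF_MOV | BPF_K, .dst_reg = BPF_REG_0, .imm = 0 },
		{ .code = BPF_JMP | BPF_EXIT },
	};
	union bpf_attr attr;

	memset(&attr, 0, sizeof(attr));
	attr.prog_type = BPF_PROG_TYPE_KPROBE;
	attr.expected_attach_type = BPF_TRACE_UPROBE_MULTI;
	attr.insns = (uint64_t)(uintptr_t)insns;
	attr.insn_cnt = 2;
	attr.license = (uint64_t)(uintptr_t)"GPL";
	return (int)syscall(__NR_bpf, BPF_PROG_LOAD, &attr, (unsigned int)sizeof(attr));
}

/* One BPF_LINK_CREATE attempt on `path` at offset 0: 0 if a link was made (and closed
 * again), -1 with errno stored in *err otherwise. */
static int try_link_create(int prog_fd, const char *path, uint32_t pid, int *err)
{
	uint64_t offsets[1] = { 0 };
	union bpf_attr attr;
	int fd;

	memset(&attr, 0, sizeof(attr));
	attr.link_create.prog_fd = prog_fd;
	attr.link_create.attach_type = BPF_TRACE_UPROBE_MULTI;
	attr.link_create.uprobe_multi.path = (uint64_t)(uintptr_t)path;
	attr.link_create.uprobe_multi.offsets = (uint64_t)(uintptr_t)offsets;
	attr.link_create.uprobe_multi.cnt = 1;
	attr.link_create.uprobe_multi.pid = pid;
	fd = (int)syscall(__NR_bpf, BPF_LINK_CREATE, &attr, (unsigned int)sizeof(attr));
	*err = fd < 0 ? errno : 0;
	if (fd >= 0)
		close(fd);
	return fd < 0 ? -1 : 0;
}

enum pid_filter_state probe_pid_filter_fix(void)
{
	enum pid_filter_state st = PID_FILTER_UNKNOWN;
	int prog_fd = load_probe_prog();
	int rc, err;

	if (prog_fd < 0)
		return st;
	/* Support check (assumption: a kernel with uprobe_multi answers EBADF for the
	 * non-regular file "/"); an older kernel fails with EINVAL, which must not be
	 * mistaken for the fix. */
	if (try_link_create(prog_fd, "/", 0, &err) == 0 || err != EBADF)
		goto out;
	/* The probe: a regular file (our own executable) so an unfixed kernel gets past
	 * the path checks to get_pid_task(), and pid 0xffffffff, i.e. -1 once the kernel
	 * stores it in its pid_t, which no process can have. */
	rc = try_link_create(prog_fd, "/proc/self/exe", (uint32_t)-1, &err);
	st = classify_link_create(rc, err);
out:
	close(prog_fd);
	return st;
}
#else
enum pid_filter_state probe_pid_filter_fix(void) { return PID_FILTER_UNKNOWN; } /* headers too old */
#endif

int main(void)
{
	static const char *const names[] = { "fixed", "broken", "unknown" };
	printf("multi-uprobe PID filtering: %s\n", names[probe_pid_filter_fix()]);
	return 0;
}
```

Run it as root (or with CAP_BPF and CAP_PERFMON) on the target host; "unknown" means the probe never reached the pid check (no privileges, no multi-uprobe support, or the program load itself was refused), so it should not be read as either answer.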



