Patch "bpf: Fix unpopulated path_size when uprobe_multi fields unset" has been added to the 6.11-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Tue, 22 Oct 2024 13:41:09 -0400

This is a note to let you know that I've just added the patch titled

    bpf: Fix unpopulated path_size when uprobe_multi fields unset

to the 6.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-fix-unpopulated-path_size-when-uprobe_multi-fiel.patch
and it can be found in the queue-6.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e37e857740314751fbcb4bf5218e6966bc46b19c
Author: Tyrone Wu <wudevelops@xxxxxxxxx>
Date:   Fri Oct 11 00:08:02 2024 +0000

    bpf: Fix unpopulated path_size when uprobe_multi fields unset
    
    [ Upstream commit ad6b5b6ea9b764018249285a4fe0a2226bef4caa ]
    
    Previously when retrieving `bpf_link_info.uprobe_multi` with `path` and
    `path_size` fields unset, the `path_size` field is not populated
    (remains 0). This behavior was inconsistent with how other input/output
    string buffer fields work, as the field should be populated in cases
    when:
    - both buffer and length are set (currently works as expected)
    - both buffer and length are unset (not working as expected)
    
    This patch now fills the `path_size` field when `path` and `path_size`
    are unset.
    
    Fixes: e56fdbfb06e2 ("bpf: Add link_info support for uprobe multi link")
    Signed-off-by: Tyrone Wu <wudevelops@xxxxxxxxx>
    Signed-off-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
    Link: https://lore.kernel.org/bpf/20241011000803.681190-1-wudevelops@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index add26dc27d7e3..d9bc5ef1cafc3 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3222,7 +3222,8 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
 	struct bpf_uprobe_multi_link *umulti_link;
 	u32 ucount = info->uprobe_multi.count;
 	int err = 0, i;
-	long left;
+	char *p, *buf;
+	long left = 0;
 
 	if (!upath ^ !upath_size)
 		return -EINVAL;
@@ -3236,26 +3237,23 @@ static int bpf_uprobe_multi_link_fill_link_info(const struct bpf_link *link,
 	info->uprobe_multi.pid = umulti_link->task ?
 				 task_pid_nr_ns(umulti_link->task, task_active_pid_ns(current)) : 0;
 
-	if (upath) {
-		char *p, *buf;
-
-		upath_size = min_t(u32, upath_size, PATH_MAX);
-
-		buf = kmalloc(upath_size, GFP_KERNEL);
-		if (!buf)
-			return -ENOMEM;
-		p = d_path(&umulti_link->path, buf, upath_size);
-		if (IS_ERR(p)) {
-			kfree(buf);
-			return PTR_ERR(p);
-		}
-		upath_size = buf + upath_size - p;
-		left = copy_to_user(upath, p, upath_size);
+	upath_size = upath_size ? min_t(u32, upath_size, PATH_MAX) : PATH_MAX;
+	buf = kmalloc(upath_size, GFP_KERNEL);
+	if (!buf)
+		return -ENOMEM;
+	p = d_path(&umulti_link->path, buf, upath_size);
+	if (IS_ERR(p)) {
 		kfree(buf);
-		if (left)
-			return -EFAULT;
-		info->uprobe_multi.path_size = upath_size;
+		return PTR_ERR(p);
 	}
+	upath_size = buf + upath_size - p;
+
+	if (upath)
+		left = copy_to_user(upath, p, upath_size);
+	kfree(buf);
+	if (left)
+		return -EFAULT;
+	info->uprobe_multi.path_size = upath_size;
 
 	if (!uoffsets && !ucookies && !uref_ctr_offsets)
 		return 0;







