Re: [PATCH 1/3] bpf: use check_zeroed_user() in bpf_check_uarg_tail_zero()

From: Aleksa Sarai
Date: Thu Oct 10 2019 - 06:50:50 EST


On 2019-10-09, Christian Brauner <christian.brauner@xxxxxxxxxx> wrote:
> In v5.4-rc2 we added a new helper (cf. [1]) check_zeroed_user() which
> does what bpf_check_uarg_tail_zero() is doing generically. We're slowly
> switching such codepaths over to use check_zeroed_user() instead of
> using their own hand-rolled version.
>
> [1]: f5a1a536fa14 ("lib: introduce copy_struct_from_user() helper")
> Signed-off-by: Christian Brauner <christian.brauner@xxxxxxxxxx>

Acked-by: Aleksa Sarai <cyphar@xxxxxxxxxx>

> ---
> kernel/bpf/syscall.c | 22 +++++++---------------
> 1 file changed, 7 insertions(+), 15 deletions(-)
>
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 82eabd4e38ad..78790778f101 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -63,30 +63,22 @@ int bpf_check_uarg_tail_zero(void __user *uaddr,
> size_t expected_size,
> size_t actual_size)
> {
> - unsigned char __user *addr;
> - unsigned char __user *end;
> - unsigned char val;
> + size_t size = min(expected_size, actual_size);
> + size_t rest = max(expected_size, actual_size) - size;
> int err;
>
> if (unlikely(actual_size > PAGE_SIZE)) /* silly large */
> return -E2BIG;
>
> - if (unlikely(!access_ok(uaddr, actual_size)))
> - return -EFAULT;
> -
> if (actual_size <= expected_size)
> return 0;
>
> - addr = uaddr + expected_size;
> - end = uaddr + actual_size;
> + err = check_zeroed_user(uaddr + expected_size, rest);
> + if (err < 0)
> + return err;
>
> - for (; addr < end; addr++) {
> - err = get_user(val, addr);
> - if (err)
> - return err;
> - if (val)
> - return -E2BIG;
> - }
> + if (err)
> + return -E2BIG;
>
> return 0;
> }

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachment: signature.asc
Description: PGP signature