Re: [PATCH v6 06/12] samples/bpf/test_overhead_kprobe_kern: make it adopt to task comm size change

From: Kees Cook
Date: Mon Oct 25 2021 - 17:20:58 EST

Next message: Mrs Stefanie Chantal: "Dear. Friend"
Previous message: Kees Cook: "Re: [PATCH v6 05/12] elfcore: make prpsinfo always get a nul terminated task comm"
In reply to: Yafang Shao: "[PATCH v6 06/12] samples/bpf/test_overhead_kprobe_kern: make it adopt to task comm size change"
Next in thread: Yafang Shao: "[PATCH v6 07/12] samples/bpf/offwaketime_kern: make sched_switch tracepoint args adopt to comm size change"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 25, 2021 at 08:33:09AM +0000, Yafang Shao wrote:
> bpf_probe_read_kernel_str() will add a nul terminator to the dst, then
> we don't care about if the dst size is big enough. This patch also
> replaces the hard-coded 16 with TASK_COMM_LEN to make it adopt to task
> comm size change.
>
> Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx>
> Cc: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx>
> Cc: Arnaldo Carvalho de Melo <arnaldo.melo@xxxxxxxxx>
> Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Petr Mladek <pmladek@xxxxxxxx>

As these are samples, I guess it's fine to change their sizes.

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

> ---
> samples/bpf/test_overhead_kprobe_kern.c | 11 ++++++-----
> samples/bpf/test_overhead_tp_kern.c | 5 +++--
> 2 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/samples/bpf/test_overhead_kprobe_kern.c b/samples/bpf/test_overhead_kprobe_kern.c
> index f6d593e47037..8fdd2c9c56b2 100644
> --- a/samples/bpf/test_overhead_kprobe_kern.c
> +++ b/samples/bpf/test_overhead_kprobe_kern.c
> @@ -6,6 +6,7 @@
> */
> #include <linux/version.h>
> #include <linux/ptrace.h>
> +#include <linux/sched.h>
> #include <uapi/linux/bpf.h>
> #include <bpf/bpf_helpers.h>
> #include <bpf/bpf_tracing.h>
> @@ -22,17 +23,17 @@ int prog(struct pt_regs *ctx)
> {
> struct signal_struct *signal;
> struct task_struct *tsk;
> - char oldcomm[16] = {};
> - char newcomm[16] = {};
> + char oldcomm[TASK_COMM_LEN] = {};
> + char newcomm[TASK_COMM_LEN] = {};
> u16 oom_score_adj;
> u32 pid;
>
> tsk = (void *)PT_REGS_PARM1(ctx);
>
> pid = _(tsk->pid);
> - bpf_probe_read_kernel(oldcomm, sizeof(oldcomm), &tsk->comm);
> - bpf_probe_read_kernel(newcomm, sizeof(newcomm),
> - (void *)PT_REGS_PARM2(ctx));
> + bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm);
> + bpf_probe_read_kernel_str(newcomm, sizeof(newcomm),
> + (void *)PT_REGS_PARM2(ctx));
> signal = _(tsk->signal);
> oom_score_adj = _(signal->oom_score_adj);
> return 0;
> diff --git a/samples/bpf/test_overhead_tp_kern.c b/samples/bpf/test_overhead_tp_kern.c
> index eaa32693f8fc..80edadacb692 100644
> --- a/samples/bpf/test_overhead_tp_kern.c
> +++ b/samples/bpf/test_overhead_tp_kern.c
> @@ -4,6 +4,7 @@
> * modify it under the terms of version 2 of the GNU General Public
> * License as published by the Free Software Foundation.
> */
> +#include <linux/sched.h>
> #include <uapi/linux/bpf.h>
> #include <bpf/bpf_helpers.h>
>
> @@ -11,8 +12,8 @@
> struct task_rename {
> __u64 pad;
> __u32 pid;
> - char oldcomm[16];
> - char newcomm[16];
> + char oldcomm[TASK_COMM_LEN];
> + char newcomm[TASK_COMM_LEN];
> __u16 oom_score_adj;
> };
> SEC("tracepoint/task/task_rename")
> --
> 2.17.1
>

--
Kees Cook

Next message: Mrs Stefanie Chantal: "Dear. Friend"
Previous message: Kees Cook: "Re: [PATCH v6 05/12] elfcore: make prpsinfo always get a nul terminated task comm"
In reply to: Yafang Shao: "[PATCH v6 06/12] samples/bpf/test_overhead_kprobe_kern: make it adopt to task comm size change"
Next in thread: Yafang Shao: "[PATCH v6 07/12] samples/bpf/offwaketime_kern: make sched_switch tracepoint args adopt to comm size change"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]