Re: [PATCH v2 2/3] tracing: Add "(fault)" name injection to kernel probes

[Steven Rostedt]

On Wed, 12 Oct 2022 12:34:45 +0000
David Laight <David.Laight@xxxxxxxxxx> wrote:

> > @@ -13,8 +15,16 @@ static nokprobe_inline int
> >  kern_fetch_store_strlen_user(unsigned long addr)
> >  {
> >  	const void __user *uaddr =  (__force const void __user *)addr;
> > +	int ret;
> > 
> > -	return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> > +	ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> > +	/*
> > +	 * strnlen_user_nofault returns zero on fault, insert the
> > +	 * FAULT_STRING when that occurs.
> > +	 */
> > +	if (ret <= 0)
> > +		return strlen(FAULT_STRING) + 1;
> > +	return ret;
> >  }  
> 
> Isn't that going to do the wrong thing if the user
> string is valid memory but just zero length??

I thought so at first (and was in the process of changing things
because of that) until I saw the comment above this code:

/* Return the length of string -- including null terminal byte */

And looking the function of strnlen_user_nofault():

* Returns the size of the string INCLUDING the terminating NUL.

That is, it returns 1 on a zero length string and 0 on fault :-p

Yes, I think we should fix that API, but that's another story.

-- Steve