From nobody Thu May  7 23:13:06 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 41958C433F5
	for <linux-kernel@archiver.kernel.org>; Tue, 17 May 2022 07:37:53 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S241798AbiEQHhu (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 17 May 2022 03:37:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36888 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S242303AbiEQHgb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 May 2022 03:36:31 -0400
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id C0F52BCB4
        for <linux-kernel@vger.kernel.org>;
 Tue, 17 May 2022 00:36:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1652772989;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=0xxKQ63UkLF4342r+f5JL5hPNHBH+mdnNusP1wdNqn8=;
        b=Wt8ufwRTNPyIVZVAI1XM4MtPVj3ch5eFrKV/aMYqBypoRcRamH0PMhMC2XHJQ2jkrzliPO
        GBPOsspFOxXv1YnaoT4XaXOGp9H8vLIrm05ES9bRytri9athLYPzptxYd/itzltJBbDtoO
        kDIQxSa+CcR0QSK9QOsIZU5UkjAoiMQ=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-252-rN0cl44rNQqwRZrePtyRQg-1; Tue, 17 May 2022 03:36:22 -0400
X-MC-Unique: rN0cl44rNQqwRZrePtyRQg-1
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com
 [10.11.54.9])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E9A19299E75D;
        Tue, 17 May 2022 07:36:21 +0000 (UTC)
Received: from asgard.redhat.com (unknown [10.36.110.3])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 0443E5739A1;
        Tue, 17 May 2022 07:36:17 +0000 (UTC)
Date: Tue, 17 May 2022 09:36:15 +0200
From: Eugene Syromiatnikov <esyr@redhat.com>
To: Jiri Olsa <jolsa@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Cc: Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>, netdev@vger.kernel.org,
        bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
        Shuah Khan <shuah@kernel.org>, linux-kselftest@vger.kernel.org
Subject: [PATCH bpf-next v3 1/4] bpf_trace: check size for overflow in
 bpf_kprobe_multi_link_attach
Message-ID: 
 <9e4171972a3d75e656073e0c25cd4071a6f652e4.1652772731.git.esyr@redhat.com>
References: <cover.1652772731.git.esyr@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1652772731.git.esyr@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.9
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Check that size would not overflow before calculation (and return
-EOVERFLOW if it will), to prevent potential out-of-bounds write
with the following copy_from_user.  Use kvmalloc_array
in copy_user_syms to prevent out-of-bounds write into syms
(and especially buf) as well.

Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link")
Cc: <stable@vger.kernel.org> # 5.18
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
---
 kernel/trace/bpf_trace.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 7141ca8..9c041be 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2261,11 +2261,11 @@ static int copy_user_syms(struct user_syms *us, uns=
igned long __user *usyms, u32
 	int err =3D -ENOMEM;
 	unsigned int i;
=20
-	syms =3D kvmalloc(cnt * sizeof(*syms), GFP_KERNEL);
+	syms =3D kvmalloc_array(cnt, sizeof(*syms), GFP_KERNEL);
 	if (!syms)
 		goto error;
=20
-	buf =3D kvmalloc(cnt * KSYM_NAME_LEN, GFP_KERNEL);
+	buf =3D kvmalloc_array(cnt, KSYM_NAME_LEN, GFP_KERNEL);
 	if (!buf)
 		goto error;
=20
@@ -2461,7 +2461,8 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr=
 *attr, struct bpf_prog *pr
 	if (!cnt)
 		return -EINVAL;
=20
-	size =3D cnt * sizeof(*addrs);
+	if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size))
+		return -EOVERFLOW;
 	addrs =3D kvmalloc(size, GFP_KERNEL);
 	if (!addrs)
 		return -ENOMEM;
--=20
2.1.4
From nobody Thu May  7 23:13:06 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F3F13C433F5
	for <linux-kernel@archiver.kernel.org>; Tue, 17 May 2022 07:37:57 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236453AbiEQHhz (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 17 May 2022 03:37:55 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40754 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235250AbiEQHgl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 May 2022 03:36:41 -0400
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6BC1C222B4
        for <linux-kernel@vger.kernel.org>;
 Tue, 17 May 2022 00:36:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1652772998;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=z8TJGc65VPq8LFCB93HW2zYbRoFkSWlAyqA2j8NAtgg=;
        b=hhghaI3IqtywUMrhE2LE4t0bc9NsTHxKy9xBBhlvpMeZJU6CkfMd7dirKKYQBjW2EkOc6z
        HxHEf/73MBAqGkMiLzfWBYNJJWPMRk1rAxk4j7//9btsNjHexN5H2kjl9vgpO5y4N2RfJg
        RTB/SOCE59qcD9NsLopxQtIMQXeyQjM=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-250-kAUXOHQZNo-BaEpEg3KrOg-1; Tue, 17 May 2022 03:36:33 -0400
X-MC-Unique: kAUXOHQZNo-BaEpEg3KrOg-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
 [10.11.54.7])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7C5131857F08;
        Tue, 17 May 2022 07:36:32 +0000 (UTC)
Received: from asgard.redhat.com (unknown [10.36.110.3])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id F15061568BA9;
        Tue, 17 May 2022 07:36:28 +0000 (UTC)
Date: Tue, 17 May 2022 09:36:26 +0200
From: Eugene Syromiatnikov <esyr@redhat.com>
To: Jiri Olsa <jolsa@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Cc: Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>, netdev@vger.kernel.org,
        bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
        Shuah Khan <shuah@kernel.org>, linux-kselftest@vger.kernel.org
Subject: [PATCH bpf-next v3 2/4] bpf_trace: support 32-bit kernels in
 bpf_kprobe_multi_link_attach
Message-ID: 
 <525b99881dc144b986e381eb23b12617a311f243.1652772731.git.esyr@redhat.com>
References: <cover.1652772731.git.esyr@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1652772731.git.esyr@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

It seems that there is no reason not to support 32-bit architectures;
doing so requires a bit of rework with respect to cookies handling,
however, as the current code implicitly assumes
that sizeof(long) =3D=3D sizeof(u64).

Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
 kernel/trace/bpf_trace.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 9c041be..a93a54f 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2435,16 +2435,12 @@ int bpf_kprobe_multi_link_attach(const union bpf_at=
tr *attr, struct bpf_prog *pr
 	struct bpf_link_primer link_primer;
 	void __user *ucookies;
 	unsigned long *addrs;
-	u32 flags, cnt, size;
+	u32 flags, cnt, size, cookies_size;
 	void __user *uaddrs;
 	u64 *cookies =3D NULL;
 	void __user *usyms;
 	int err;
=20
-	/* no support for 32bit archs yet */
-	if (sizeof(u64) !=3D sizeof(void *))
-		return -EOPNOTSUPP;
-
 	if (prog->expected_attach_type !=3D BPF_TRACE_KPROBE_MULTI)
 		return -EINVAL;
=20
@@ -2454,6 +2450,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr=
 *attr, struct bpf_prog *pr
=20
 	uaddrs =3D u64_to_user_ptr(attr->link_create.kprobe_multi.addrs);
 	usyms =3D u64_to_user_ptr(attr->link_create.kprobe_multi.syms);
+	ucookies =3D u64_to_user_ptr(attr->link_create.kprobe_multi.cookies);
 	if (!!uaddrs =3D=3D !!usyms)
 		return -EINVAL;
=20
@@ -2461,8 +2458,11 @@ int bpf_kprobe_multi_link_attach(const union bpf_att=
r *attr, struct bpf_prog *pr
 	if (!cnt)
 		return -EINVAL;
=20
-	if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size))
+	if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size) ||
+	    (ucookies &&
+	     check_mul_overflow(cnt, (u32)sizeof(*cookies), &cookies_size))) {
 		return -EOVERFLOW;
+	}
 	addrs =3D kvmalloc(size, GFP_KERNEL);
 	if (!addrs)
 		return -ENOMEM;
@@ -2486,14 +2486,13 @@ int bpf_kprobe_multi_link_attach(const union bpf_at=
tr *attr, struct bpf_prog *pr
 			goto error;
 	}
=20
-	ucookies =3D u64_to_user_ptr(attr->link_create.kprobe_multi.cookies);
 	if (ucookies) {
-		cookies =3D kvmalloc(size, GFP_KERNEL);
+		cookies =3D kvmalloc(cookies_size, GFP_KERNEL);
 		if (!cookies) {
 			err =3D -ENOMEM;
 			goto error;
 		}
-		if (copy_from_user(cookies, ucookies, size)) {
+		if (copy_from_user(cookies, ucookies, cookies_size)) {
 			err =3D -EFAULT;
 			goto error;
 		}
--=20
2.1.4
From nobody Thu May  7 23:13:06 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2CE4FC433FE
	for <linux-kernel@archiver.kernel.org>; Tue, 17 May 2022 07:38:11 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240968AbiEQHiG (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 17 May 2022 03:38:06 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41458 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241421AbiEQHgw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 May 2022 03:36:52 -0400
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 579C7483AD
        for <linux-kernel@vger.kernel.org>;
 Tue, 17 May 2022 00:36:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1652773008;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=pQ8Tbw3YXlfFnImshaS6CSiXIKXl6akxMQXuGl5HlAA=;
        b=bUYDPIEYgGGiZJUKm/Elz3BUY44sLTC3SlA5P/xU41dt6r+TQECuNJRGSvcm3bg+kJqAso
        WGe7aOrm4FIFn3LqyM9ieBGQANPcrwE5PtBBOgOB5SDiQMfjYj34vSfdemttfRqooowDas
        lS4QIOmqQKuMkIWdYNyimrRYBs8RSRQ=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-556-Mlcp5x2wPqa4VISOC-SGlw-1; Tue, 17 May 2022 03:36:44 -0400
X-MC-Unique: Mlcp5x2wPqa4VISOC-SGlw-1
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com
 [10.11.54.5])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 404C9101AA47;
        Tue, 17 May 2022 07:36:43 +0000 (UTC)
Received: from asgard.redhat.com (unknown [10.36.110.3])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 771137774;
        Tue, 17 May 2022 07:36:39 +0000 (UTC)
Date: Tue, 17 May 2022 09:36:36 +0200
From: Eugene Syromiatnikov <esyr@redhat.com>
To: Jiri Olsa <jolsa@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Cc: Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>, netdev@vger.kernel.org,
        bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
        Shuah Khan <shuah@kernel.org>, linux-kselftest@vger.kernel.org
Subject: [PATCH bpf-next v3 3/4] bpf_trace: handle compat in copy_user_syms
Message-ID: 
 <2a56d66cf4b9430982e81233f49d6c54988df056.1652772731.git.esyr@redhat.com>
References: <cover.1652772731.git.esyr@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1652772731.git.esyr@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

For compat processes, userspace size for syms pointers is different.
Provide compat handling for copying array elements from the user space.

Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
 kernel/trace/bpf_trace.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index a93a54f..9d3028a 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2253,6 +2253,24 @@ struct user_syms {
 	char *buf;
 };
=20
+static inline int get_arr_ptr(unsigned long *p,
+			      unsigned long __user *uaddr, u32 idx)
+{
+	if (unlikely(in_compat_syscall())) {
+		compat_uptr_t __user *compat_uaddr =3D (compat_uptr_t __user *)uaddr;
+		compat_uptr_t val;
+		int err;
+
+		err =3D __get_user(val, compat_uaddr + idx);
+		if (!err)
+			*p =3D val;
+
+		return err;
+	} else {
+		return __get_user(*p, uaddr + idx);
+	}
+}
+
 static int copy_user_syms(struct user_syms *us, unsigned long __user *usym=
s, u32 cnt)
 {
 	unsigned long __user usymbol;
@@ -2270,7 +2288,7 @@ static int copy_user_syms(struct user_syms *us, unsig=
ned long __user *usyms, u32
 		goto error;
=20
 	for (p =3D buf, i =3D 0; i < cnt; i++) {
-		if (__get_user(usymbol, usyms + i)) {
+		if (get_arr_ptr(&usymbol, usyms, i)) {
 			err =3D -EFAULT;
 			goto error;
 		}
--=20
2.1.4
From nobody Thu May  7 23:13:06 2026
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 5FADFC433F5
	for <linux-kernel@archiver.kernel.org>; Tue, 17 May 2022 07:38:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229771AbiEQHix (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Tue, 17 May 2022 03:38:53 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42826 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S241636AbiEQHhI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 May 2022 03:37:08 -0400
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
        by lindbergh.monkeyblade.net (Postfix) with ESMTP id 2813448E50
        for <linux-kernel@vger.kernel.org>;
 Tue, 17 May 2022 00:37:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1652773019;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=Mqoy+gV+cPqf1cM9iO48i7hrZpV+uT4NBe8cPuE9DHk=;
        b=F8tSdtKpUU0HwMiY+Rja7nEQglpXfWaJW7sM2YGAUZlHg//GvQGkGkHENEuIZkpwZz5dTW
        UYAqYPVMBMwI+TKOtr31PCuntoWxllv8Tp9eBc5NJl1qH5fnggSX/xDMluZXRDrbkxyDVx
        Xbj32zfRfLVJX2Ji202Z+Rh6FYQ7gBA=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com
 [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-88-cZvUbg2HOE6qVtAgQLSAdg-1; Tue, 17 May 2022 03:36:55 -0400
X-MC-Unique: cZvUbg2HOE6qVtAgQLSAdg-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
 [10.11.54.7])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0DF6F299E751;
        Tue, 17 May 2022 07:36:54 +0000 (UTC)
Received: from asgard.redhat.com (unknown [10.36.110.3])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 2B55215687CF;
        Tue, 17 May 2022 07:36:49 +0000 (UTC)
Date: Tue, 17 May 2022 09:36:47 +0200
From: Eugene Syromiatnikov <esyr@redhat.com>
To: Jiri Olsa <jolsa@kernel.org>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>
Cc: Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>, netdev@vger.kernel.org,
        bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
        Shuah Khan <shuah@kernel.org>, linux-kselftest@vger.kernel.org
Subject: [PATCH bpf-next v3 4/4] bpf_trace: pass array of u64 values in
 kprobe_multi.addrs
Message-ID: 
 <6ef675aeeea442fa8fc168cd1cb4e4e474f65a3f.1652772731.git.esyr@redhat.com>
References: <cover.1652772731.git.esyr@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1652772731.git.esyr@redhat.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Scanned-By: MIMEDefang 2.85 on 10.11.54.7
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

With the interface as defined, it is impossible to pass 64-bit kernel
addresses from a 32-bit userspace process in BPF_LINK_TYPE_KPROBE_MULTI,
which severly limits the useability of the interface, change the ABI
to accept an array of u64 values instead of (kernel? user?) longs.
Interestingly, the rest of the libbpf infrastructure uses 64-bit values
for kallsyms addresses already, so this patch also eliminates
the sym_addr cast in tools/lib/bpf/libbpf.c:resolve_kprobe_multi_cb().

Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link")
Fixes: 5117c26e877352bc ("libbpf: Add bpf_link_create support for multi kpr=
obes")
Fixes: ddc6b04989eb0993 ("libbpf: Add bpf_program__attach_kprobe_multi_opts=
 function")
Fixes: f7a11eeccb111854 ("selftests/bpf: Add kprobe_multi attach test")
Fixes: 9271a0c7ae7a9147 ("selftests/bpf: Add attach test for bpf_program__a=
ttach_kprobe_multi_opts")
Fixes: 2c6401c966ae1fbe ("selftests/bpf: Add kprobe_multi bpf_cookie test")
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
---
 kernel/trace/bpf_trace.c                           | 25 ++++++++++++++++++=
----
 tools/lib/bpf/bpf.h                                |  2 +-
 tools/lib/bpf/libbpf.c                             |  8 +++----
 tools/lib/bpf/libbpf.h                             |  2 +-
 .../testing/selftests/bpf/prog_tests/bpf_cookie.c  |  2 +-
 .../selftests/bpf/prog_tests/kprobe_multi_test.c   |  8 +++----
 6 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 9d3028a..30a15b3 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2454,7 +2454,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr=
 *attr, struct bpf_prog *pr
 	void __user *ucookies;
 	unsigned long *addrs;
 	u32 flags, cnt, size, cookies_size;
-	void __user *uaddrs;
+	u64 __user *uaddrs;
 	u64 *cookies =3D NULL;
 	void __user *usyms;
 	int err;
@@ -2486,9 +2486,26 @@ int bpf_kprobe_multi_link_attach(const union bpf_att=
r *attr, struct bpf_prog *pr
 		return -ENOMEM;
=20
 	if (uaddrs) {
-		if (copy_from_user(addrs, uaddrs, size)) {
-			err =3D -EFAULT;
-			goto error;
+		if (sizeof(*addrs) =3D=3D sizeof(*uaddrs)) {
+			if (copy_from_user(addrs, uaddrs, size)) {
+				err =3D -EFAULT;
+				goto error;
+			}
+		} else {
+			u32 i;
+			u64 addr;
+
+			for (i =3D 0; i < cnt; i++) {
+				if (get_user(addr, uaddrs + i)) {
+					err =3D -EFAULT;
+					goto error;
+				}
+				if (addr > ULONG_MAX) {
+					err =3D -EINVAL;
+					goto error;
+				}
+				addrs[i] =3D addr;
+			}
 		}
 	} else {
 		struct user_syms us;
diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h
index 2e0d373..da9c6037 100644
--- a/tools/lib/bpf/bpf.h
+++ b/tools/lib/bpf/bpf.h
@@ -418,7 +418,7 @@ struct bpf_link_create_opts {
 			__u32 flags;
 			__u32 cnt;
 			const char **syms;
-			const unsigned long *addrs;
+			const __u64 *addrs;
 			const __u64 *cookies;
 		} kprobe_multi;
 		struct {
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index ef7f302..35fa9c5 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10737,7 +10737,7 @@ static bool glob_match(const char *str, const char =
*pat)
=20
 struct kprobe_multi_resolve {
 	const char *pattern;
-	unsigned long *addrs;
+	__u64 *addrs;
 	size_t cap;
 	size_t cnt;
 };
@@ -10752,12 +10752,12 @@ resolve_kprobe_multi_cb(unsigned long long sym_ad=
dr, char sym_type,
 	if (!glob_match(sym_name, res->pattern))
 		return 0;
=20
-	err =3D libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsign=
ed long),
+	err =3D libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(__u64),
 				res->cnt + 1);
 	if (err)
 		return err;
=20
-	res->addrs[res->cnt++] =3D (unsigned long) sym_addr;
+	res->addrs[res->cnt++] =3D sym_addr;
 	return 0;
 }
=20
@@ -10772,7 +10772,7 @@ bpf_program__attach_kprobe_multi_opts(const struct =
bpf_program *prog,
 	};
 	struct bpf_link *link =3D NULL;
 	char errmsg[STRERR_BUFSIZE];
-	const unsigned long *addrs;
+	const __u64 *addrs;
 	int err, link_fd, prog_fd;
 	const __u64 *cookies;
 	const char **syms;
diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
index 9e9a3fd..76e171d 100644
--- a/tools/lib/bpf/libbpf.h
+++ b/tools/lib/bpf/libbpf.h
@@ -489,7 +489,7 @@ struct bpf_kprobe_multi_opts {
 	/* array of function symbols to attach */
 	const char **syms;
 	/* array of function addresses to attach */
-	const unsigned long *addrs;
+	const __u64 *addrs;
 	/* array of user-provided values fetchable through bpf_get_attach_cookie =
*/
 	const __u64 *cookies;
 	/* number of elements in syms/addrs/cookies arrays */
diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/te=
sting/selftests/bpf/prog_tests/bpf_cookie.c
index 83ef55e3..e843840 100644
--- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c
+++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c
@@ -140,7 +140,7 @@ static void kprobe_multi_link_api_subtest(void)
 	cookies[6] =3D 7;
 	cookies[7] =3D 8;
=20
-	opts.kprobe_multi.addrs =3D (const unsigned long *) &addrs;
+	opts.kprobe_multi.addrs =3D (const __u64 *) &addrs;
 	opts.kprobe_multi.cnt =3D ARRAY_SIZE(addrs);
 	opts.kprobe_multi.cookies =3D (const __u64 *) &cookies;
 	prog_fd =3D bpf_program__fd(skel->progs.test_kprobe);
diff --git a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c b/t=
ools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
index 586dc52..7646112 100644
--- a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
+++ b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c
@@ -108,7 +108,7 @@ static void test_link_api_addrs(void)
 	GET_ADDR("bpf_fentry_test7", addrs[6]);
 	GET_ADDR("bpf_fentry_test8", addrs[7]);
=20
-	opts.kprobe_multi.addrs =3D (const unsigned long*) addrs;
+	opts.kprobe_multi.addrs =3D (const __u64 *) addrs;
 	opts.kprobe_multi.cnt =3D ARRAY_SIZE(addrs);
 	test_link_api(&opts);
 }
@@ -186,7 +186,7 @@ static void test_attach_api_addrs(void)
 	GET_ADDR("bpf_fentry_test7", addrs[6]);
 	GET_ADDR("bpf_fentry_test8", addrs[7]);
=20
-	opts.addrs =3D (const unsigned long *) addrs;
+	opts.addrs =3D (const __u64 *) addrs;
 	opts.cnt =3D ARRAY_SIZE(addrs);
 	test_attach_api(NULL, &opts);
 }
@@ -244,7 +244,7 @@ static void test_attach_api_fails(void)
 		goto cleanup;
=20
 	/* fail_2 - both addrs and syms set */
-	opts.addrs =3D (const unsigned long *) addrs;
+	opts.addrs =3D (const __u64 *) addrs;
 	opts.syms =3D syms;
 	opts.cnt =3D ARRAY_SIZE(syms);
 	opts.cookies =3D NULL;
@@ -258,7 +258,7 @@ static void test_attach_api_fails(void)
 		goto cleanup;
=20
 	/* fail_3 - pattern and addrs set */
-	opts.addrs =3D (const unsigned long *) addrs;
+	opts.addrs =3D (const __u64 *) addrs;
 	opts.syms =3D NULL;
 	opts.cnt =3D ARRAY_SIZE(syms);
 	opts.cookies =3D NULL;
--=20
2.1.4