Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge branch 'bpf_trace_printk-percent-s'

Alexei Starovoitov says:

====================
support for '%s' in bpf_trace_printk

v2->v3:
fix the comment to mention that strncpy_from_unsafe() returns
the length of the string including the trailing NUL.

v1->v2:
patch 1: generalize FETCH_FUNC_NAME(memory, string) into
strncpy_from_unsafe()
patch 2: use it in bpf_trace_printk
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 10 years ago
parent
c9fd56b34e 8d3b7dce86
commit
cc7acad135
4 changed files with 77 additions and 18 deletions
Split View Show Diff Stats
  1. 2 0
      include/linux/uaccess.h
  2. 30 2
      kernel/trace/bpf_trace.c
  3. 4 16
      kernel/trace/trace_kprobe.c
  4. 41 0
      lib/strncpy_from_user.c

+ 2 - 0
include/linux/uaccess.h
View File 

@@ -129,4 +129,6 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size);
 
 extern long notrace probe_kernel_write(void *dst, const void *src, size_t size);
 
 extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size);
 
 
+extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count);
 
+
 
 #endif		/* __LINUX_UACCESS_H__ */

+ 30 - 2
kernel/trace/bpf_trace.c
View File 

@@ -81,13 +81,16 @@ static const struct bpf_func_proto bpf_probe_read_proto = {
 
 
 /*
 
  * limited trace_printk()
 
- * only %d %u %x %ld %lu %lx %lld %llu %llx %p conversion specifiers allowed
 
+ * only %d %u %x %ld %lu %lx %lld %llu %llx %p %s conversion specifiers allowed
 
  */
 
 static u64 bpf_trace_printk(u64 r1, u64 fmt_size, u64 r3, u64 r4, u64 r5)
 
 {
 
 	char *fmt = (char *) (long) r1;
 
+	bool str_seen = false;
 
 	int mod[3] = {};
 
 	int fmt_cnt = 0;
 
+	u64 unsafe_addr;
 
+	char buf[64];
 
 	int i;
 
 
 	/*
 
@@ -114,12 +117,37 @@ static u64 bpf_trace_printk(u64 r1, u64 fmt_size, u64 r3, u64 r4, u64 r5)
 
 		if (fmt[i] == 'l') {
 
 			mod[fmt_cnt]++;
 
 			i++;
 
-		} else if (fmt[i] == 'p') {
 
+		} else if (fmt[i] == 'p' || fmt[i] == 's') {
 
 			mod[fmt_cnt]++;
 
 			i++;
 
 			if (!isspace(fmt[i]) && !ispunct(fmt[i]) && fmt[i] != 0)
 
 				return -EINVAL;
 
 			fmt_cnt++;
 
+			if (fmt[i - 1] == 's') {
 
+				if (str_seen)
 
+					/* allow only one '%s' per fmt string */
 
+					return -EINVAL;
 
+				str_seen = true;
 
+
 
+				switch (fmt_cnt) {
 
+				case 1:
 
+					unsafe_addr = r3;
 
+					r3 = (long) buf;
 
+					break;
 
+				case 2:
 
+					unsafe_addr = r4;
 
+					r4 = (long) buf;
 
+					break;
 
+				case 3:
 
+					unsafe_addr = r5;
 
+					r5 = (long) buf;
 
+					break;
 
+				}
 
+				buf[0] = 0;
 
+				strncpy_from_unsafe(buf,
 
+						    (void *) (long) unsafe_addr,
 
+						    sizeof(buf));
 
+			}
 
 			continue;
 
 		}

+ 4 - 16
kernel/trace/trace_kprobe.c
View File 

@@ -165,11 +165,9 @@ DEFINE_BASIC_FETCH_FUNCS(memory)
 
 static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs,
 
 					    void *addr, void *dest)
 
 {
 
-	long ret;
 
 	int maxlen = get_rloc_len(*(u32 *)dest);
 
 	u8 *dst = get_rloc_data(dest);
 
-	u8 *src = addr;
 
-	mm_segment_t old_fs = get_fs();
 
+	long ret;
 
 
 	if (!maxlen)
 
 		return;
 
@@ -178,23 +176,13 @@ static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs,
 
 	 * Try to get string again, since the string can be changed while
 
 	 * probing.
 
 	 */
 
-	set_fs(KERNEL_DS);
 
-	pagefault_disable();
 
-
 
-	do
 
-		ret = __copy_from_user_inatomic(dst++, src++, 1);
 
-	while (dst[-1] && ret == 0 && src - (u8 *)addr < maxlen);
 
-
 
-	dst[-1] = '\0';
 
-	pagefault_enable();
 
-	set_fs(old_fs);
 
+	ret = strncpy_from_unsafe(dst, addr, maxlen);
 
 
 	if (ret < 0) {	/* Failed to fetch string */
 
-		((u8 *)get_rloc_data(dest))[0] = '\0';
 
+		dst[0] = '\0';
 
 		*(u32 *)dest = make_data_rloc(0, get_rloc_offs(*(u32 *)dest));
 
 	} else {
 
-		*(u32 *)dest = make_data_rloc(src - (u8 *)addr,
 
-					      get_rloc_offs(*(u32 *)dest));
 
+		*(u32 *)dest = make_data_rloc(ret, get_rloc_offs(*(u32 *)dest));
 
 	}
 
 }
 
 NOKPROBE_SYMBOL(FETCH_FUNC_NAME(memory, string));

+ 41 - 0
lib/strncpy_from_user.c
View File 

@@ -112,3 +112,44 @@ long strncpy_from_user(char *dst, const char __user *src, long count)
 
 	return -EFAULT;
 
 }
 
 EXPORT_SYMBOL(strncpy_from_user);
 
+
 
+/**
 
+ * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
 
+ * @dst:   Destination address, in kernel space.  This buffer must be at
 
+ *         least @count bytes long.
 
+ * @src:   Unsafe address.
 
+ * @count: Maximum number of bytes to copy, including the trailing NUL.
 
+ *
 
+ * Copies a NUL-terminated string from unsafe address to kernel buffer.
 
+ *
 
+ * On success, returns the length of the string INCLUDING the trailing NUL.
 
+ *
 
+ * If access fails, returns -EFAULT (some data may have been copied
 
+ * and the trailing NUL added).
 
+ *
 
+ * If @count is smaller than the length of the string, copies @count-1 bytes,
 
+ * sets the last byte of @dst buffer to NUL and returns @count.
 
+ */
 
+long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
 
+{
 
+	mm_segment_t old_fs = get_fs();
 
+	const void *src = unsafe_addr;
 
+	long ret;
 
+
 
+	if (unlikely(count <= 0))
 
+		return 0;
 
+
 
+	set_fs(KERNEL_DS);
 
+	pagefault_disable();
 
+
 
+	do {
 
+		ret = __copy_from_user_inatomic(dst++,
 
+						(const void __user __force *)src++, 1);
 
+	} while (dst[-1] && ret == 0 && src - unsafe_addr < count);
 
+
 
+	dst[-1] = '\0';
 
+	pagefault_enable();
 
+	set_fs(old_fs);
 
+
 
+	return ret < 0 ? ret : src - unsafe_addr;
 
+}