| From foo@baz Sat Apr 16 10:02:53 PDT 2016 |
| From: Alexei Starovoitov <ast@fb.com> |
| Date: Wed, 9 Mar 2016 20:02:33 -0800 |
| Subject: bpf: avoid copying junk bytes in bpf_get_current_comm() |
| |
| From: Alexei Starovoitov <ast@fb.com> |
| |
| [ Upstream commit cdc4e47da8f4c32eeb6b2061a8a834f4362a12b7 ] |
| |
| Lots of places in the kernel use memcpy(buf, comm, TASK_COMM_LEN); but |
| the result is typically passed to print("%s", buf) and extra bytes |
| after zero don't cause any harm. |
| In bpf the result of bpf_get_current_comm() is used as the part of |
| map key and was causing spurious hash map mismatches. |
| Use strlcpy() to guarantee zero-terminated string. |
| bpf verifier checks that output buffer is zero-initialized, |
| so even for short task names the output buffer don't have junk bytes. |
| Note it's not a security concern, since kprobe+bpf is root only. |
| |
| Fixes: ffeedafbf023 ("bpf: introduce current->pid, tgid, uid, gid, comm accessors") |
| Reported-by: Tobias Waldekranz <tobias@waldekranz.com> |
| Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| kernel/bpf/helpers.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/kernel/bpf/helpers.c |
| +++ b/kernel/bpf/helpers.c |
| @@ -166,7 +166,7 @@ static u64 bpf_get_current_comm(u64 r1, |
| if (!task) |
| return -EINVAL; |
| |
| - memcpy(buf, task->comm, min_t(size_t, size, sizeof(task->comm))); |
| + strlcpy(buf, task->comm, min_t(size_t, size, sizeof(task->comm))); |
| return 0; |
| } |
| |
