Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8452397ybl; Thu, 16 Jan 2020 17:08:58 -0800 (PST) X-Google-Smtp-Source: APXvYqzhfK13eOc03QPsd3nLP17PqgOtV/ptvmu9gVmjVQaRXUW287o2pFy27Y256gAQ2qef6H21 X-Received: by 2002:aca:52cd:: with SMTP id g196mr1648609oib.18.1579223338251; Thu, 16 Jan 2020 17:08:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579223338; cv=none; d=google.com; s=arc-20160816; b=u0DR9FnN2TO/EtRiLR+9UUGh2r1vyWtYdjF19H/7NErTbrV/6XJw1yNJSji2QlK2UZ G2OjE+5I0bXDnn5dWauTu8UFKddSSMjgra/7TggmjDYYCYykJecXNHh/75V2zWc3BvO1 ya72oumd0ImioGopYUDPQ0Lh2h/DKMe282noUrtaIotJPRDjAET1b16DrhQAEZ1XBxGy P2ntRW9h8Tq8B/xQvT4kA0JKw7gkqRguE1Q/0MGqxhLFO49ppQ9UPRiEN7WCifAF8fbD M5zt7IsSDltKARU9ACK6a8GjtrD4QjzNXCyYSUo+n+O7hwwnufiMe87azuc/kzzmi+Tr Svlw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=2Vba0pXTgMBP2bWg5EqPD/nxZG5U3auIakyrpW+5TRA=; b=l8DceOrBMlSxGVwHZ9TZ7pGCcBvSyXMG+FLHI+ZLg2jnLM9vxKh1F1ewIqOTi5JuFB AELg1X0z/L6VKM8eqcq84ca4mlfv+kjlPdxZ+gI6ZppZ6VpdHCT1taCAu7cbxvWUX6aR NPpyc349jdn9uPP341upSappTwlusdoDq42ZPp2UT0Dsmjw6VEe0TRkIWgl15n3GpuvN pXh0QO9XqbEhWWz3KrPggbACXgO9ZfAc0J0Oj6aV6dRBHET/WCjQ0wRYy4KFC3r4MYUn Pkdki5ciO06TlcCkuIqF75vXAK85XZESOjfcpBkOHbrQFsHDDJMeVeJSH4ppOMx+CND6 5cDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=d9wCnBwq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w16si12711891oih.154.2020.01.16.17.08.46; Thu, 16 Jan 2020 17:08:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=d9wCnBwq; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387626AbgAPXWV (ORCPT + 99 others); Thu, 16 Jan 2020 18:22:21 -0500 Received: from mail.kernel.org ([198.145.29.99]:49936 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388828AbgAPXWK (ORCPT ); Thu, 16 Jan 2020 18:22:10 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A6E922075B; Thu, 16 Jan 2020 23:22:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579216930; bh=YHCmKvqgNloUQ1CrqSeEmRJBO0gb6SZ/9jXI8HGzTVI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=d9wCnBwq3I8qsfM3eUwAEt18A5S+3SeTIZcUVDteF1tbf9b8FN66HGWhcr6A/6zz5 yMTftSC2gwP2XB2NsMwYf1zKoGGTWJuKysGL4S59esz+XzJbhFXcJoWtNcLrm8MtkV T3tFP8an61TXvOqHkqmyLkrSw0XjJn9wZe6gbR7g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Borkmann , Alexei Starovoitov , Andrii Nakryiko Subject: [PATCH 5.4 078/203] bpf: Make use of probe_user_write in probe write helper Date: Fri, 17 Jan 2020 00:16:35 +0100 Message-Id: <20200116231751.315347781@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200116231745.218684830@linuxfoundation.org> References: <20200116231745.218684830@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Borkmann commit eb1b66887472eaa7342305b7890ae510dd9d1a79 upstream. Convert the bpf_probe_write_user() helper to probe_user_write() such that writes are not attempted under KERNEL_DS anymore which is buggy as kernel and user space pointers can have overlapping addresses. Also, given we have the access_ok() check inside probe_user_write(), the helper doesn't need to do it twice. Fixes: 96ae52279594 ("bpf: Add bpf_probe_write_user BPF helper to be called in tracers") Signed-off-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/841c461781874c07a0ee404a454c3bc0459eed30.1572649915.git.daniel@iogearbox.net Signed-off-by: Greg Kroah-Hartman --- kernel/trace/bpf_trace.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -163,7 +163,7 @@ static const struct bpf_func_proto bpf_p .arg3_type = ARG_ANYTHING, }; -BPF_CALL_3(bpf_probe_write_user, void *, unsafe_ptr, const void *, src, +BPF_CALL_3(bpf_probe_write_user, void __user *, unsafe_ptr, const void *, src, u32, size) { /* @@ -186,10 +186,8 @@ BPF_CALL_3(bpf_probe_write_user, void *, return -EPERM; if (unlikely(!nmi_uaccess_okay())) return -EPERM; - if (!access_ok(unsafe_ptr, size)) - return -EPERM; - return probe_kernel_write(unsafe_ptr, src, size); + return probe_user_write(unsafe_ptr, src, size); } static const struct bpf_func_proto bpf_probe_write_user_proto = {