X-Mailing-List: linux-kernel@vger.kernel.org
References: <00000000000081fb0d06135eb3ca@google.com> <5f1446d409322de91946a569edc0b836daa52aae.camel@gmail.com>
In-Reply-To: <5f1446d409322de91946a569edc0b836daa52aae.camel@gmail.com>
From: Andrii Nakryiko
Date: Mon, 11 Mar 2024 11:01:52 -0700
Subject: Re: [PATCH bpf-next] bpf: fix oob in btf_name_valid_section
To: Eduard Zingerman
Cc: Edward Adam Davis, syzbot+cc32304f6487ebff9b70@syzkaller.appspotmail.com, andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org, linux-kernel@vger.kernel.org, martin.lau@linux.dev, netdev@vger.kernel.org, sdf@google.com, song@kernel.org, syzkaller-bugs@googlegroups.com, yonghong.song@linux.dev
Content-Type: text/plain; charset="UTF-8"

On Mon, Mar 11, 2024 at 7:48 AM Eduard Zingerman wrote:
>
> On Mon, 2024-03-11 at 21:16 +0800, Edward Adam Davis wrote:
> > Check the first char of the BTF DATASEC names.
> >
> > Fixes: bd70a8fb7ca4 ("bpf: Allow all printable characters in BTF DATASEC names")
> > Reported-and-tested-by: syzbot+cc32304f6487ebff9b70@syzkaller.appspotmail.com
> > Signed-off-by: Edward Adam Davis
> > ---
> >  kernel/bpf/btf.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> > index 170d017e8e4a..dda0aa0d7175 100644
> > --- a/kernel/bpf/btf.c
> > +++ b/kernel/bpf/btf.c
> > @@ -816,6 +816,8 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
> >  	const char *src = btf_str_by_offset(btf, offset);
> >  	const char *src_limit;
> >
> > +	if (!isprint(*src))
> > +		return false;
> >  	/* set a limit on identifier length */
> >  	src_limit = src + KSYM_NAME_LEN;
> >  	src++;
>
> Hi Edward,
>
> Thank you for fixing this.
> I wonder, maybe something like below would be simpler?
>
> Thanks,
> Eduard
>
> ---
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 170d017e8e4a..3d95d5398c8a 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -818,7 +818,6 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
>
>  	/* set a limit on identifier length */
>  	src_limit = src + KSYM_NAME_LEN;
> -	src++;

ah, __btf_name_valid() has a separate __btf_name_char_ok(*src, true)
check and then skips first character :(

What Eduard proposes makes sense, we shouldn't advance src before the loop.

Eduard, I'd also say we should make __btf_name_valid() a bit more
uniform by dropping that first if and then doing

if (!__btf_name_char_ok(*src, src == src_orig))
        return false;

where we just remember original string pointer in src_orig. WDYT?

>  	while (*src && src < src_limit) {
>  		if (!isprint(*src))
>  			return false;
>
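Review bot: in Edward's hunk (the `+ if (!isprint(*src)) return false;` added before `/* set a limit on identifier length */`), the guard does keep the following `src++` from stepping past the terminator of an empty name, since isprint('\0') is false, but it duplicates the per-byte test the loop already performs and leaves the first byte as the only one checked outside the loop. A blank line is also missing between the new `return false;` and the `/* set a limit on identifier length */` comment, which otherwise no longer sits directly above the `src_limit` assignment it describes. Letting the loop cover the first byte (no `src++` before it) reads simpler, provided the empty-name case is still rejected explicitly.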
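Review bot: in Eduard's hunk, removing `- src++;` makes the `while (*src && src < src_limit)` loop check the first byte and stops the walk past a leading NUL, but nothing in this hunk rejects an empty name any more: with `*src == 0` the loop condition is false on entry, so the loop body's `if (!isprint(*src)) return false;` never runs and the empty name is only rejected if code outside this hunk does so. If an empty DATASEC name is meant to be invalid, add an explicit `if (!*src) return false;` before the loop, and a selftest with a zero-length section name would pin the behaviour down.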
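As an added userspace model of the loop under discussion (not code from the patch or from the kernel), the pre-fix shape with `src++` before the loop sits beside a shape that keeps the first byte in the loop and rejects an empty name explicitly. KSYM_NAME_LEN is assumed to be 512 here, the string table is constructed, and the `(unsigned char)` cast is a userspace ctype requirement rather than kernel style.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* Same limit name as the kernel; the value 512 is assumed here. */
#define KSYM_NAME_LEN 512

/* Pre-fix shape of the loop quoted in the thread: src++ before the loop
 * skips the first byte, so a leading NUL is stepped over and validation
 * continues into whatever follows it in the string table. */
static bool section_name_valid_buggy(const char *src)
{
	const char *src_limit = src + KSYM_NAME_LEN;

	src++;
	while (*src && src < src_limit) {
		if (!isprint((unsigned char)*src))
			return false;
		src++;
	}
	return !*src;
}

/* Fixed shape: no src++ before the loop, so the first byte is checked,
 * plus an explicit empty-name rejection, since the loop never runs for it. */
static bool section_name_valid_fixed(const char *src)
{
	const char *src_limit = src + KSYM_NAME_LEN;

	if (!*src)
		return false;
	while (*src && src < src_limit) {
		if (!isprint((unsigned char)*src))
			return false;
		src++;
	}
	return !*src;
}

/* Constructed string table: an empty name immediately followed by ".data". */
static const char strtab[] = "\0.data";

bool buggy_accepts_empty(void) { return section_name_valid_buggy(strtab); }
bool fixed_accepts_empty(void) { return section_name_valid_fixed(strtab); }
int main(void)
{
	printf("buggy accepts empty name: %d\n", buggy_accepts_empty());
	printf("fixed accepts empty name: %d\n", fixed_accepts_empty());
	return 0;
}
```

The buggy variant reports the empty name as valid because it validated the neighbouring ".data" instead; the same skip lets an unprintable first byte through.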