[DTrace-devel] [PATCH 1/6] strings: improve bounds on strlen return value
Nick Alcock
nick.alcock at oracle.com
Thu Mar 24 00:45:06 UTC 2022
Checking for a positive bound rather than a zero one prevents the
minimum range of the return value of strlen coming out of the verifier
as -1 (which can cause later problems if the verifier decides it needs a
non-negative arg).
We know the return value from bpf_probe_read_str must be non-negative
anyway, as the comment in the following line notes: this just teaches
this to the verifier.
Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
bpf/strlen.c | 2 +-
include/bpf-lib.h | 15 +++++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/bpf/strlen.c b/bpf/strlen.c
index 71ddbca42f01..e10070c9bdaf 100644
--- a/bpf/strlen.c
+++ b/bpf/strlen.c
@@ -21,7 +21,7 @@ noinline uint64_t dt_strlen(const dt_dctx_t *dctx, const char *str)
int64_t len;
len = bpf_probe_read_str(tmp, (uint64_t)&STRSZ + 1, str);
- set_not_neg_bound(len);
+ set_positive_bound(len);
return len - 1; /* bpf_probe_read_str() never returns 0 */
}
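Review bot: the comment on the "return len - 1;" line still only explains why 0 cannot occur, but with set_positive_bound(len) every value below 1 is now rewritten to 1, so a negative error return from bpf_probe_read_str() would leave dt_strlen() as length 0, indistinguishable from an empty string. Either test for the negative case explicitly before the clamp, or extend the comment to say that the clamp exists for the verifier's range tracking and that error returns are deliberately folded into 0.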
diff --git a/include/bpf-lib.h b/include/bpf-lib.h
index d7078da5c146..1c0d4a0c15cd 100644
--- a/include/bpf-lib.h
+++ b/include/bpf-lib.h
@@ -61,5 +61,20 @@
: /* no clobbers */ \
);
+/*
+ * Explicit inline assembler to implement a positive bound check:
+ *
+ * if (var < 1)
+ * var = 1;
+ */
+#define set_positive_bound(var) \
+ asm ("jsgt %0, 0, 1f\n\t" \
+ "mov %0, 1\n\t" \
+ "1:" \
+ : "+r" (var) \
+ : /* no inputs */ \
+ : /* no clobbers */ \
+ );
+
#endif /* BPF_LIB_H */
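Review bot: the comment above set_positive_bound() gives the C equivalent as "if (var < 1)" but does not say that the comparison is signed. jsgt is a signed jump, so the macro only matches that pseudo-code when var has a signed type (len in dt_strlen() is int64_t, which is fine); an unsigned value with the top bit set would be treated as negative and replaced by 1. Please state in the comment that var must be signed, and that the purpose is to give the verifier a minimum of 1 for the register, so a later caller does not apply it to an unsigned variable expecting the same effect.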
--
2.35.1.261.g8402f930ba.dirty