bpf: avoid copying junk bytes in bpf_get_current_comm()

[karo-tx-linux.git] / kernel / bpf / helpers.c

/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 */
#include <linux/bpf.h>
#include <linux/rcupdate.h>
#include <linux/random.h>
#include <linux/smp.h>
#include <linux/ktime.h>
#include <linux/sched.h>
#include <linux/uidgid.h>

/* If kernel subsystem is allowing eBPF programs to call this function,
 * inside its own verifier_ops->get_func_proto() callback it should return
 * bpf_map_lookup_elem_proto, so that verifier can properly check the arguments
 *
 * Different map implementations will rely on rcu in map methods
 * lookup/update/delete, therefore eBPF programs must run under rcu lock
 * if program is allowed to access maps, so check rcu_read_lock_held in
 * all three functions.
 */
static u64 bpf_map_lookup_elem(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        /* verifier checked that R1 contains a valid pointer to bpf_map
         * and R2 points to a program stack and map->key_size bytes were
         * initialized
         */
        struct bpf_map *map = (struct bpf_map *) (unsigned long) r1;
        void *key = (void *) (unsigned long) r2;
        void *value;

        WARN_ON_ONCE(!rcu_read_lock_held());

        value = map->ops->map_lookup_elem(map, key);

        /* lookup() returns either pointer to element value or NULL
         * which is the meaning of PTR_TO_MAP_VALUE_OR_NULL type
         */
        return (unsigned long) value;
}

const struct bpf_func_proto bpf_map_lookup_elem_proto = {
        .func           = bpf_map_lookup_elem,
        .gpl_only       = false,
        .ret_type       = RET_PTR_TO_MAP_VALUE_OR_NULL,
        .arg1_type      = ARG_CONST_MAP_PTR,
        .arg2_type      = ARG_PTR_TO_MAP_KEY,
};

static u64 bpf_map_update_elem(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        struct bpf_map *map = (struct bpf_map *) (unsigned long) r1;
        void *key = (void *) (unsigned long) r2;
        void *value = (void *) (unsigned long) r3;

        WARN_ON_ONCE(!rcu_read_lock_held());

        return map->ops->map_update_elem(map, key, value, r4);
}

const struct bpf_func_proto bpf_map_update_elem_proto = {
        .func           = bpf_map_update_elem,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
        .arg1_type      = ARG_CONST_MAP_PTR,
        .arg2_type      = ARG_PTR_TO_MAP_KEY,
        .arg3_type      = ARG_PTR_TO_MAP_VALUE,
        .arg4_type      = ARG_ANYTHING,
};

static u64 bpf_map_delete_elem(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        struct bpf_map *map = (struct bpf_map *) (unsigned long) r1;
        void *key = (void *) (unsigned long) r2;

        WARN_ON_ONCE(!rcu_read_lock_held());

        return map->ops->map_delete_elem(map, key);
}

const struct bpf_func_proto bpf_map_delete_elem_proto = {
        .func           = bpf_map_delete_elem,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
        .arg1_type      = ARG_CONST_MAP_PTR,
        .arg2_type      = ARG_PTR_TO_MAP_KEY,
};

const struct bpf_func_proto bpf_get_prandom_u32_proto = {
        .func           = bpf_user_rnd_u32,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
};

static u64 bpf_get_smp_processor_id(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        return raw_smp_processor_id();
}

const struct bpf_func_proto bpf_get_smp_processor_id_proto = {
        .func           = bpf_get_smp_processor_id,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
};

static u64 bpf_ktime_get_ns(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        /* NMI safe access to clock monotonic */
        return ktime_get_mono_fast_ns();
}

const struct bpf_func_proto bpf_ktime_get_ns_proto = {
        .func           = bpf_ktime_get_ns,
        .gpl_only       = true,
        .ret_type       = RET_INTEGER,
};

static u64 bpf_get_current_pid_tgid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        struct task_struct *task = current;

        if (!task)
                return -EINVAL;

        return (u64) task->tgid << 32 | task->pid;
}

const struct bpf_func_proto bpf_get_current_pid_tgid_proto = {
        .func           = bpf_get_current_pid_tgid,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
};

static u64 bpf_get_current_uid_gid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
{
        struct task_struct *task = current;
        kuid_t uid;
        kgid_t gid;

        if (!task)
                return -EINVAL;

        current_uid_gid(&uid, &gid);
        return (u64) from_kgid(&init_user_ns, gid) << 32 |
                from_kuid(&init_user_ns, uid);
}

const struct bpf_func_proto bpf_get_current_uid_gid_proto = {
        .func           = bpf_get_current_uid_gid,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
};

static u64 bpf_get_current_comm(u64 r1, u64 size, u64 r3, u64 r4, u64 r5)
{
        struct task_struct *task = current;
        char *buf = (char *) (long) r1;

        if (!task)
                return -EINVAL;

        strlcpy(buf, task->comm, min_t(size_t, size, sizeof(task->comm)));
        return 0;
}

const struct bpf_func_proto bpf_get_current_comm_proto = {
        .func           = bpf_get_current_comm,
        .gpl_only       = false,
        .ret_type       = RET_INTEGER,
        .arg1_type      = ARG_PTR_TO_STACK,
        .arg2_type      = ARG_CONST_STACK_SIZE,
};