bpf: handle the compat string in bpf_trace_copy_string better

User the proper helper for kernel or userspace addresses based on TASK_SIZE instead of the dangerous strncpy_from_unsafe function. Signed-off-by: Christoph Hellwig <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Cc: Alexei Starovoitov <[email protected]> Cc: Daniel Borkmann <[email protected]> Cc: "H. Peter Anvin" <[email protected]> Cc: Ingo Molnar <[email protected]> Cc: Masami Hiramatsu <[email protected]> Cc: Thomas Gleixner <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Linus Torvalds <[email protected]>
author: Christoph Hellwig <[email protected]> 2020-06-08 21:34:33 -0700
committer: Linus Torvalds <[email protected]> 2020-06-09 09:39:15 -0700
commit: aec6ce59133edc4ac04f7d4e2556fdf047becb62 (patch)
tree: 0df9a7a3646ed283d5c353a6a25099bc027c0409
parent: d7b2977b816223a884814eea46fbe38e192cec4c (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 60e82c7b8122..a2efbdad434b 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -334,8 +334,11 @@ static void bpf_trace_copy_string(char *buf, void *unsafe_ptr, char fmt_ptype,
 	switch (fmt_ptype) {
 	case 's':
 #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
-		strncpy_from_unsafe(buf, unsafe_ptr, bufsz);
-		break;
+		if ((unsigned long)unsafe_ptr < TASK_SIZE) {
+			strncpy_from_user_nofault(buf, user_ptr, bufsz);
+			break;
+		}
+		fallthrough;
 #endif
 	case 'k':
 		strncpy_from_kernel_nofault(buf, unsafe_ptr, bufsz);
author	Christoph Hellwig <[email protected]>	2020-06-08 21:34:33 -0700
committer	Linus Torvalds <[email protected]>	2020-06-09 09:39:15 -0700
commit	aec6ce59133edc4ac04f7d4e2556fdf047becb62 (patch)
tree	0df9a7a3646ed283d5c353a6a25099bc027c0409
parent	d7b2977b816223a884814eea46fbe38e192cec4c (diff)