[PATCH bpf] bpf: Refactoring btf_name_valid_identifier() and btf_name_valid_section()

public inbox for bpf@vger.kernel.org
 help / color / mirror / Atom feed

From: Jeongjun Park <aha310510@gmail.com>
To: martin.lau@linux.dev, ast@kernel.org, daniel@iogearbox.net,
	andrii@kernel.org
Cc: eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
	haoluo@google.com, jolsa@kernel.org, bpf@vger.kernel.org,
	linux-kernel@vger.kernel.org, Jeongjun Park <aha310510@gmail.com>
Subject: [PATCH bpf] bpf: Refactoring btf_name_valid_identifier() and btf_name_valid_section()
Date: Tue, 20 Aug 2024 01:07:58 +0900	[thread overview]
Message-ID: <20240819160758.296567-1-aha310510@gmail.com> (raw)

Currently, btf_name_valid_identifier() and btf_name_valid_section() are
written in a while loop and use pointer operations, so it takes a long
time to understand the operation of the code. Therefore, I suggest
refactoring the code to make it easier to maintain.

In addition, btf_name_valid_section() does not check for the case where
src[0] is a NULL value, resulting in an out-of-bounds vuln. Therefore, a
check for this should be added.

Reported-by: Jeongjun Park <aha310510@gmail.com>
Fixes: bd70a8fb7ca4 ("bpf: Allow all printable characters in BTF DATASEC names")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
---
 kernel/bpf/btf.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 674b38c33c74..c1e2aead9141 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -794,21 +794,18 @@ static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
 {
 	/* offset must be valid */
 	const char *src = btf_str_by_offset(btf, offset);
-	const char *src_limit;
+	int i;
 
-	if (!__btf_name_char_ok(*src, true))
+	if (!__btf_name_char_ok(src[0], true))
 		return false;
 
 	/* set a limit on identifier length */
-	src_limit = src + KSYM_NAME_LEN;
-	src++;
-	while (*src && src < src_limit) {
-		if (!__btf_name_char_ok(*src, false))
+	for (i = 1; i < KSYM_NAME_LEN && src[i]; i++) {
+		if (!__btf_name_char_ok(src[i], false))
 			return false;
-		src++;
 	}
 
-	return !*src;
+	return !src[i];
 }
 
 /* Allow any printable character in DATASEC names */
@@ -816,18 +813,18 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset)
 {
 	/* offset must be valid */
 	const char *src = btf_str_by_offset(btf, offset);
-	const char *src_limit;
+	int i;
+
+	if (!src[0])
+		return false;
 
 	/* set a limit on identifier length */
-	src_limit = src + KSYM_NAME_LEN;
-	src++;
-	while (*src && src < src_limit) {
-		if (!isprint(*src))
+	for (i = 1; i < KSYM_NAME_LEN && src[i]; i++) {
+		if (!isprint(src[i]))
 			return false;
-		src++;
 	}
 
-	return !*src;
+	return !src[i];
 }
 
 static const char *__btf_name_by_offset(const struct btf *btf, u32 offset)
--

next             reply	other threads:[~2024-08-19 16:08 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-19 16:07 Jeongjun Park [this message]
2024-08-21 18:39 ` [PATCH bpf] bpf: Refactoring btf_name_valid_identifier() and btf_name_valid_section() Alexei Starovoitov

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:674b38c33c7 dfblob:c1e2aead914 )
 OR (
bs:"[PATCH bpf] bpf: Refactoring btf_name_valid_identifier() and btf_name_valid_section()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240819160758.296567-1-aha310510@gmail.com \
    --to=aha310510@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=eddyz87@gmail.com \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=sdf@fomichev.me \
    --cc=song@kernel.org \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox