Date: Sun, 23 Jul 2023 08:52:59 +0700
From: Bagas Sanjaya
To: Ingo Molnar, Masami Hiramatsu, "Steven Rostedt (Google)", Max Froehling
Cc: Linux Kernel Mailing List, Linux BPF, Linux Memory Management List
Subject: Fwd: bpf: bpf_probe_read_user_str() returns 0 for empty strings

Hi,

I notice a bug report on Bugzilla [1].
Quoting from it:

> Overview:
>
> From within eBPF, calling the helper function bpf_probe_read_user_str(void *dst, __u32 size, const void *unsafe_ptr) returns 0 when the source string (void *unsafe_ptr) consists of a string containing only a single null-byte.
>
> This violates various functions documentations (the helper and various internal kernel functions), which all state:
>
>> On success, the strictly positive length of the output string,
>> including the trailing NUL character. On error, a negative value.
>
> To me, this states that the function should return 1 for char myString[] = ""; However, this is not the case. The function returns 0 instead.
>
> For non-empty strings, it works as expected. For example, char myString[] = "abc"; returns 4.
>
> Steps to Reproduce:
> * Write an eBPF program that calls bpf_probe_read_user_str(), using a userspace pointer pointing to an empty string.
> * Store the result value of that function
> * Do the same thing, but try out bpf_probe_read_kernel_str(), like this:
>     char empty[] = "";
>     char copy[5];
>     long ret = bpf_probe_read_kernel_str(copy, 5, empty);
> * Compare the return value of bpf_probe_read_user_str() and bpf_probe_read_kernel_str()
>
> Expected Result:
>
> Both functions return 1 (because of the single NULL byte).
>
> Actual Result:
>
> bpf_probe_read_user_str() returns 0, while bpf_probe_read_kernel_str() returns 1.
>
> Additional Information:
>
> I believe I can see the bug on the current Linux kernel master branch.
>
> In the file/function mm/maccess.c::strncpy_from_user_nofault() the helper implementation calls strncpy_from_user(), which returns the length without trailing 0. Hence this function returns 0 for an empty string.
>
> However, in line 192 (as of commit fdf0eaf11452d72945af31804e2a1048ee1b574c) there is a check that only increments ret, if it is > 0. This appears to be the logic that adds the trailing null byte. Since the check only does this for a ret > 0, a ret of 0 remains at 0.
>
> This is a possible off-by-one error that might cause the behavior.

See Bugzilla for the full thread.

FYI, the culprit line is introduced by commit 3d7081822f7f9e ("uaccess: Add non-pagefault user-space read functions"). I Cc: culprit SoB so that they can look into this bug.

Thanks.

[1]: https://bugzilla.kernel.org/show_bug.cgi?id=217679

-- 
An old man doll... just what I always wanted! - Clara
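
The off-by-one described in the quoted report, as an added userspace model that is not kernel code and not part of the original message. The names `model_strncpy_from_user`, `read_str`, `read_str_reported` and `read_str_documented` are hypothetical, and the `count <= 0` and truncation branches are modelling assumptions; only the `ret > 0` comparison is taken from the report.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in (assumption, not kernel code) for strncpy_from_user():
 * returns the length WITHOUT the trailing NUL, count when no NUL fits in
 * count bytes, or -EFAULT for an unreadable source. */
static long model_strncpy_from_user(char *dst, const char *src, long count)
{
    if (src == NULL)
        return -EFAULT;
    for (long i = 0; i < count; i++) {
        dst[i] = src[i];
        if (src[i] == '\0')
            return i;
    }
    return count;
}

/* Wrapper model. The count <= 0 and truncation branches are assumptions;
 * only the final comparison comes from the report. increment_from is the
 * smallest ret that gets "+1" for the trailing NUL. */
static long read_str(char *dst, const char *src, long count, long increment_from)
{
    long ret;

    if (count <= 0)
        return 0;
    ret = model_strncpy_from_user(dst, src, count);
    if (ret >= count) {
        ret = count;           /* truncated: terminate in place */
        dst[ret - 1] = '\0';
    } else if (ret >= increment_from) {
        ret++;                 /* include the trailing NUL */
    }
    return ret;
}

/* Check as the report describes it: increment only when ret > 0. */
long read_str_reported(char *d, const char *s, long n) { return read_str(d, s, n, 1); }

/* Documented contract: every successful read counts its NUL, so "" gives 1. */
long read_str_documented(char *d, const char *s, long n) { return read_str(d, s, n, 0); }

int main(void)
{
    char copy[5];
    printf("reported=%ld documented=%ld\n", read_str_reported(copy, "", 5), read_str_documented(copy, "", 5));
    return 0;
}
```

Under the reported behaviour, a caller that treats `ret <= 0` as failure discards empty strings; checking `ret < 0` for errors accepts both return values.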