Date: Tue, 30 Jul 2024 21:04:58 -0700
From: Andi Kleen
To: Andrii Nakryiko
Cc: bpf@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, adobriyan@gmail.com, shakeel.butt@linux.dev, hannes@cmpxchg.org, osandov@osandov.com, song@kernel.org, jannh@google.com, stable@vger.kernel.org
Subject: Re: [PATCH v3 bpf-next 01/10] lib/buildid: harden build ID parsing logic
References: <20240730203914.1182569-1-andrii@kernel.org> <20240730203914.1182569-2-andrii@kernel.org>
In-Reply-To: <20240730203914.1182569-2-andrii@kernel.org>

> while (note_offs + sizeof(Elf32_Nhdr) < note_size) { > Elf32_Nhdr *nhdr = (Elf32_Nhdr *)(note_start + note_offs); > > + name_sz = READ_ONCE(nhdr->n_namesz); > + desc_sz = READ_ONCE(nhdr->n_descsz); > if (nhdr->n_type == BUILD_ID && > - nhdr->n_namesz == sizeof("GNU") && > - !strcmp((char *)(nhdr + 1), "GNU") && > - nhdr->n_descsz > 0 && > - nhdr->n_descsz <= BUILD_ID_SIZE_MAX) { > - memcpy(build_id, > - note_start + note_offs + > - ALIGN(sizeof("GNU"), 4) + sizeof(Elf32_Nhdr), > - nhdr->n_descsz); > - memset(build_id + nhdr->n_descsz, 0, > - BUILD_ID_SIZE_MAX - nhdr->n_descsz); > + name_sz == note_name_sz && > + strcmp((char *)(nhdr + 1), note_name) == 0 &&

Doesn't the strcmp need a boundary check to be inside note_size too? Otherwise it may read into the next page, which could be unmapped, causing a fault. Given it's unlikely that this happens, and the end has guard pages, but there are some users of set_memory_np.

You could just move the later checks earlier.

The rest looks good to me.

-Andi
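
Review bot: On the added `strcmp((char *)(nhdr + 1), note_name) == 0 &&` line, the name bytes that follow the header are compared before anything visible in this hunk checks that they lie within note_size; the loop condition `note_offs + sizeof(Elf32_Nhdr) < note_size` only covers the header itself. Check that note_offs + sizeof(Elf32_Nhdr) plus the aligned name_sz and desc_sz fits in note_size before the comparison, and consider a memcmp over note_name_sz bytes so the read length is fixed rather than terminator-driven. Separately, name_sz and desc_sz are snapshotted with READ_ONCE() while `nhdr->n_type` is still read directly in the same condition; reading it once the same way would keep the three header fields consistent.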
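
The bounds-before-compare ordering raised in the reply above, as an added userspace example (not code from the patch or from the kernel). `find_build_id`, `struct nhdr`, `demo` and the sample note bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_GNU_BUILD_ID 3
#define BUILD_ID_MAX 20
#define ALIGN4(x) (((size_t)(x) + 3) & ~(size_t)3)

/* Illustrative userspace sketch, not kernel code. Layout matches Elf32_Nhdr. */
struct nhdr { uint32_t n_namesz, n_descsz, n_type; };

/* Copy the GNU build ID into out[BUILD_ID_MAX]; returns its length or -1. */
int find_build_id(const uint8_t *buf, size_t size, uint8_t *out)
{
    size_t offs = 0;
    while (size - offs >= sizeof(struct nhdr)) {
        struct nhdr h;
        size_t left = size - offs - sizeof(h), name_pad, desc_pad;
        const uint8_t *name = buf + offs + sizeof(h);
        memcpy(&h, buf + offs, sizeof(h));  /* read each field exactly once */
        name_pad = ALIGN4(h.n_namesz);
        desc_pad = ALIGN4(h.n_descsz);
        /* Bounds first: name and desc must lie inside buf before any compare. */
        if (h.n_namesz > left || name_pad > left || h.n_descsz > left - name_pad)
            return -1;
        if (h.n_type == NT_GNU_BUILD_ID && h.n_namesz == sizeof("GNU") &&
            memcmp(name, "GNU", sizeof("GNU")) == 0 &&
            h.n_descsz > 0 && h.n_descsz <= BUILD_ID_MAX) {
            memcpy(out, name + name_pad, h.n_descsz);
            memset(out + h.n_descsz, 0, BUILD_ID_MAX - h.n_descsz);
            return (int)h.n_descsz;
        }
        if (desc_pad > left - name_pad)     /* padding of a skipped note is missing */
            return -1;
        offs += sizeof(h) + name_pad + desc_pad;
    }
    return -1;
}

/* Constructed sample: one GNU note with a 4-byte ID, truncated to len bytes. */
uint8_t demo_out[BUILD_ID_MAX];
int demo(size_t len)
{
    struct nhdr h = { sizeof("GNU"), 4, NT_GNU_BUILD_ID };
    uint8_t note[sizeof(h) + 8];
    memcpy(note, &h, sizeof(h));
    memcpy(note + sizeof(h), "GNU\0\xde\xad\xbe\xef", 8);
    return find_build_id(note, len < sizeof(note) ? len : sizeof(note), demo_out);
}
```

Truncating the sample so that the name or descriptor would extend past the end of the buffer makes the function return -1 without touching bytes beyond `size`.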