@@ -364,6 +364,17 @@ enum bpf_func_id {
*/
BPF_FUNC_get_current_task,
+ /**
+ * copy_to_user(to, from, len) - Copy a block of data into user space.
+ * @to: destination address in userspace
+ * @from: source address on stack
+ * @len: number of bytes to copy
+ * Return:
+ * Returns number of bytes that could not be copied.
+ * On success, this will be zero
+ */
+ BPF_FUNC_copy_to_user,
+
__BPF_FUNC_MAX_ID,
};
@@ -81,6 +81,68 @@ static const struct bpf_func_proto bpf_probe_read_proto = {
.arg3_type = ARG_ANYTHING,
};
+static void bpf_copy_to_user_warn(void) {
+ pr_warn_once("**************************************************\n");
+ pr_warn_once("* bpf_copy_to_user: Experimental Feature in use *\n");
+ pr_warn_once("* bpf_copy_to_user: Feature may corrupt memory *\n");
+ pr_warn_once("**************************************************\n");
+}
+
+static u64 bpf_copy_to_user(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
+{
+/*
+ * There isn't enough protection on no MMU architectures for this helper
+ * to be considered safe
+ */
+#ifdef CONFIG_MMU
+ void *to = (void *) (long) r1;
+ void *from = (void *) (long) r2;
+ int size = (int) r3;
+ struct task_struct *task = current;
+
+ /*
+ * Ensure we're in a user context which it is safe for the helper
+ * to run.
+ * Also, this helper has no business in a kthread.
+ * Although, access_ok should prevent writing to non-user memory
+ * On some architectures (nommu, etc...) access_ok isn't enough
+ */
+
+ if (unlikely(in_interrupt() || !task))
+ return -EINVAL;
+
+ if (unlikely(!task->pid || !task->mm || task->flags & PF_KTHREAD))
+ return -EINVAL;
+
+ /*
+ * Make sure that this thread hasn't adopted another process's
+ * memory context a la process_vm_(read/write)v to avoid unintended
+ * side effects
+ */
+ if (unlikely(task->mm != task->active_mm))
+ return -EINVAL;
+
+ /* Is this a user address, or a kernel address? */
+ if (!access_ok(VERIFY_WRITE, to, size))
+ return -EINVAL;
+
+ DO_ONCE(bpf_copy_to_user_warn);
+
+ return probe_kernel_write(to, from, size);
+#else /* CONFIG_MMU */
+ return -ENOTSUP;
+#endif /* CONFIG_MMU */
+}
+
+static const struct bpf_func_proto bpf_copy_to_user_proto = {
+ .func = bpf_copy_to_user,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_ANYTHING,
+ .arg2_type = ARG_PTR_TO_RAW_STACK,
+ .arg3_type = ARG_CONST_STACK_SIZE,
+};
+
/*
* limited trace_printk()
* only %d %u %x %ld %lu %lx %lld %llu %llx %p %s conversion specifiers allowed
@@ -360,6 +422,8 @@ static const struct bpf_func_proto *tracing_func_proto(enum bpf_func_id func_id)
return &bpf_get_smp_processor_id_proto;
case BPF_FUNC_perf_event_read:
return &bpf_perf_event_read_proto;
+ case BPF_FUNC_copy_to_user:
+ return &bpf_copy_to_user_proto;
default:
return NULL;
}
@@ -41,6 +41,8 @@ static int (*bpf_perf_event_output)(void *ctx, void *map, int index, void *data,
(void *) BPF_FUNC_perf_event_output;
static int (*bpf_get_stackid)(void *ctx, void *map, int flags) =
(void *) BPF_FUNC_get_stackid;
+static int (*bpf_copy_to_user)(void *to, void *from, int size) =
+ (void *) BPF_FUNC_copy_to_user;
/* llvm builtin functions that eBPF C program may use to
* emit BPF_LD_ABS and BPF_LD_IND instructions