From patchwork Thu Apr 23 17:58:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jamal Hadi Salim X-Patchwork-Id: 1275959 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=ejwCA4rj; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 497Q6c1qLFz9sSM for ; Fri, 24 Apr 2020 03:59:20 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730110AbgDWR7T (ORCPT ); Thu, 23 Apr 2020 13:59:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48470 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729991AbgDWR7S (ORCPT ); Thu, 23 Apr 2020 13:59:18 -0400 Received: from mail-qt1-x842.google.com (mail-qt1-x842.google.com [IPv6:2607:f8b0:4864:20::842]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B385C09B042 for ; Thu, 23 Apr 2020 10:59:17 -0700 (PDT) Received: by mail-qt1-x842.google.com with SMTP id x8so5595232qtp.13 for ; Thu, 23 Apr 2020 10:59:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=HlujGU4QAmoJJjC4H1VIbxZpaXDbVuqwLNt0ptJyVII=; b=ejwCA4rj/FBdWHIGWOxClHE80vBZxqw/j2G/BvW9BW0LjoBEjFth+8++p13D1F1+Mx Xdh3O3V8RLWnzNYP/tIIJz1Xg4wzVDTxT1pk3LQPqRfMhGtM+xktEoa50lWBPrnjemas qPfXgzBe3bqO2ZXpidUvpF77bCoSTgm4CL/cuJxZP/bJxLyhZ2FhJNPmv/3BD5C98h1v 5miAIKis/s6x7syaOuAOWYZ/fq2e/rxizsbajoKmZJEN6aFi4muEt1RYH1OrVDe966U0 6aMeyR83+27PYk/aA24hqoxYReQd+OhFKjyd6XL/yLlnph1jWgtKfTyHmNGtfdbUPalR 49Fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=HlujGU4QAmoJJjC4H1VIbxZpaXDbVuqwLNt0ptJyVII=; b=BFvIRU8E3/ercwGCN9naqYV2fHOsnNh0dBOgPCToAKvEsqbVPrgtnbhWbuVrTvj6az m+6nTnhDOIJq/FEgZjoxL2bN6EMvTxQCGF9MVZdNRPvULzDL8nqxYNMSiA3YrX9hy2sh /ilqXaTmRTvkmJwxWG4WYD29PiKMOuBe+bE5hRkpL301hU3wYT/fOHAM1sLrqDeVuBWs OmFUHyUP7A3Rq1V5bwwYvGv9d4AgRnpKhsJwTj6d3fQqPbFaIDdtRuwXk+ry+XQY15mB 3eKsGSp0HcoSVt/2MtdqoPFAFEGKvNgcKRKzq1XUsxZyrNLuApxtPGo4WhADqVXJxvaV s9pw== X-Gm-Message-State: AGi0PuYgJfisL8twJLl+QFJAHEFgQbCb9P5Od3S8mTA6FmlS5wy+yyuy NamHDxWS5ZeXZ9orOfIidB4r/w== X-Google-Smtp-Source: APiQypJAZfM0tAAo0UPGJ11+8DvZIsIdP0UgdmfZY0/HMH+d6T1cJpSR2kFfFDCMGw3gY6sJxUT7PQ== X-Received: by 2002:ac8:2a70:: with SMTP id l45mr5444934qtl.232.1587664756638; Thu, 23 Apr 2020 10:59:16 -0700 (PDT) Received: from mojaone.lan (23-233-27-60.cpe.pppoe.ca. [23.233.27.60]) by smtp.gmail.com with ESMTPSA id 205sm2003040qkj.1.2020.04.23.10.59.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Apr 2020 10:59:16 -0700 (PDT) From: Jamal Hadi Salim X-Google-Original-From: Jamal Hadi Salim To: stephen@networkplumber.org Cc: netdev@vger.kernel.org, dsahern@gmail.com, aclaudi@redhat.com, daniel@iogearbox.net, asmadeus@codewreck.org, Jamal Hadi Salim Subject: [PATCH iproute2 v3 1/2] bpf: Fix segfault when custom pinning is used Date: Thu, 23 Apr 2020 13:58:56 -0400 Message-Id: <20200423175857.20180-2-jhs@emojatatu.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200423175857.20180-1-jhs@emojatatu.com> References: <20200423175857.20180-1-jhs@emojatatu.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jamal Hadi Salim How to recreate: 1) Create a custome pinned map - example something along the lines of: struct bpf_elf_map SEC("maps") my_map = { .type = BPF_MAP_TYPE_HASH, .size_key = sizeof(struct my_key), .size_value = sizeof(struct my_value), .pinning = 6, .max_elem = 16, }; 2) load the program with tc filter and tc will segfault. The reason is we strcat past memory allocated using asprintf. Solution - just use a static buffer of max possible size of 4k. Fixes: c0325b06382 ("bpf: replace snprintf with asprintf when dealing with long buffers") Signed-off-by: Jamal Hadi Salim --- lib/bpf.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/lib/bpf.c b/lib/bpf.c index 10cf9bf4..73f3a590 100644 --- a/lib/bpf.c +++ b/lib/bpf.c @@ -1509,16 +1509,12 @@ out: static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx, const char *todo) { - char *tmp = NULL; + char tmp[PATH_MAX]; char *rem = NULL; char *sub; int ret; - ret = asprintf(&tmp, "%s/../", bpf_get_work_dir(ctx->type)); - if (ret < 0) { - fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); - goto out; - } + snprintf(tmp, PATH_MAX, "%s/../", bpf_get_work_dir(ctx->type)); ret = asprintf(&rem, "%s/", todo); if (ret < 0) { @@ -1547,7 +1543,6 @@ static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx, ret = 0; out: free(rem); - free(tmp); return ret; } From patchwork Thu Apr 23 17:58:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jamal Hadi Salim X-Patchwork-Id: 1275960 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.a=rsa-sha256 header.s=20150623 header.b=HPYwppnU; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 497Q6l1VHqz9sSb for ; Fri, 24 Apr 2020 03:59:27 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730127AbgDWR7Z (ORCPT ); Thu, 23 Apr 2020 13:59:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48484 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729991AbgDWR7W (ORCPT ); Thu, 23 Apr 2020 13:59:22 -0400 Received: from mail-qv1-xf41.google.com (mail-qv1-xf41.google.com [IPv6:2607:f8b0:4864:20::f41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 278ECC09B043 for ; Thu, 23 Apr 2020 10:59:21 -0700 (PDT) Received: by mail-qv1-xf41.google.com with SMTP id q31so3315183qvf.11 for ; Thu, 23 Apr 2020 10:59:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=LHAoQYubidZTzuuO7yQAbFsrUp5zL/XObwidfX7j8rQ=; b=HPYwppnUNVY4dXEMK2vLImj6W6HQc+h5xxRFs2NEPTCaGBXGaZFw+HTSzIPqre3KN2 0VHipinsI32clRijMTxVkl6C26FescLmVHAOE/UClTt/IfUKhOef4nwUxNhQDivxRqBa h489JPLx/ZP5XCvHbQeErr3G4FPk9hIvRTk25aVBrfX1MPu54XKNKY8ijZ9e5xhRoE+E oqI4MC8IY2xixe+dEcadzGUKYrk3unVOR9RdzWUgMJafAqD6YBhyDbj7xvgjf/ueNWEZ sPmw4083OcviEsz/iAL0dWKTm3gtNJLI/9J6O/HLuTVENYLrXlnsl8nbaTLOk0SVjX+U 2jpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=LHAoQYubidZTzuuO7yQAbFsrUp5zL/XObwidfX7j8rQ=; b=AFODvJREVIcXE9IXqwF8xgt6SirqF648Dfikw8eVCPVcJrVX+DxAUJ71rGfuwOAO9O aMJQiCEZGzTm+fDxc0EnlWQGr0o4N2o7hc4atELmDbyEocgLaUlSc3Nwa4Q1g2Szd47H a3cBg4l4+UHuUpgMdgYJ5wIHeEul37OHsy8D/O3jtZcUNMqnkm3gpG7L+fzO0eF8lUAl LhLPmZVLJyYiJGeuM+DTqk9TZKm3AYP6sOd5seTlpgIJlekyj7I+g2x8hOImDX5OvkzB kE0PGSKGTtAlNOzIMZJFNvqfoRbeAPUFe5DZnyWRsbzrWbf2RjCT2lPWWSTnFjj5BPV/ NvLA== X-Gm-Message-State: AGi0PuadiYL8ZlSifv2W0r7r2lDBCNfvV2bEmMGI2W7mXeOyiMJwNE3k 3MtpX727ahYgd2ux8iOE7+ZcPw== X-Google-Smtp-Source: APiQypLBPillB356oN3plUFNezz4hLkk4ZeKk+VkDsBhPhbtoKf5IdvX+Tm1JzfIj06AdBbCtoglUQ== X-Received: by 2002:a0c:e105:: with SMTP id w5mr5490441qvk.118.1587664760279; Thu, 23 Apr 2020 10:59:20 -0700 (PDT) Received: from mojaone.lan (23-233-27-60.cpe.pppoe.ca. [23.233.27.60]) by smtp.gmail.com with ESMTPSA id 205sm2003040qkj.1.2020.04.23.10.59.18 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Apr 2020 10:59:19 -0700 (PDT) From: Jamal Hadi Salim X-Google-Original-From: Jamal Hadi Salim To: stephen@networkplumber.org Cc: netdev@vger.kernel.org, dsahern@gmail.com, aclaudi@redhat.com, daniel@iogearbox.net, asmadeus@codewreck.org, Jamal Hadi Salim Subject: [PATCH iproute2 v3 2/2] bpf: Fix mem leak and extraneous free() in error path Date: Thu, 23 Apr 2020 13:58:57 -0400 Message-Id: <20200423175857.20180-3-jhs@emojatatu.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200423175857.20180-1-jhs@emojatatu.com> References: <20200423175857.20180-1-jhs@emojatatu.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Jamal Hadi Salim Fixes: c0325b06382 ("bpf: replace snprintf with asprintf when dealing with long buffers") Signed-off-by: Jamal Hadi Salim --- lib/bpf.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/bpf.c b/lib/bpf.c index 73f3a590..b05c8568 100644 --- a/lib/bpf.c +++ b/lib/bpf.c @@ -1519,13 +1519,15 @@ static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx, ret = asprintf(&rem, "%s/", todo); if (ret < 0) { fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); - goto out; + return ret; } sub = strtok(rem, "/"); while (sub) { - if (strlen(tmp) + strlen(sub) + 2 > PATH_MAX) - return -EINVAL; + if (strlen(tmp) + strlen(sub) + 2 > PATH_MAX) { + errno = EINVAL; + goto out; + } strcat(tmp, sub); strcat(tmp, "/");