bpf: add a comment about bpf_attr decoding
authorEugene Syromyatnikov <evgsyr@gmail.com>
Sun, 4 Mar 2018 19:31:25 +0000 (20:31 +0100)
committerDmitry V. Levin <ldv@altlinux.org>
Wed, 4 Apr 2018 20:32:42 +0000 (20:32 +0000)
* bpf.c: Add comment.

bpf.c

diff --git a/bpf.c b/bpf.c
index e2b7700eff8f3ef13c653052042fdf77b231fbbf..b7b9b31895bbac0a5ee6d3d9a04e19f0f18587a1 100644 (file)
--- a/bpf.c
+++ b/bpf.c
@@ -76,6 +76,15 @@ bpf_cmd_decoder(struct tcb *const tcp,                                       \
 
 typedef DECL_BPF_CMD_DECODER((*bpf_cmd_decoder_t));
 
+/*
+ * A note about bpf syscall decoder: it doesn't perform any size sanity checks,
+ * so even if it leads to partial copying of one of the fields, the command
+ * handler will still use the (partially-copied-from-userspace, partially
+ * zeroed) field value.  That's why we stop decoding and check for known sizes
+ * that correspond to released versions of the structure used by the specific
+ * command - it looks like the most sensible way to parse this insanity.
+ */
+
 static int
 decode_attr_extra_data(struct tcb *const tcp,
                       const char *data,
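Review bot: The new comment's subject is ambiguous: within this file "decoder" names strace's own bpf_cmd_decoder code, yet the sentence goes on to describe what the kernel's command handler does with a partially copied field, so a reader can take "it doesn't perform any size sanity checks" as a statement about strace rather than about the kernel. I would open it with `A note about the bpf syscall: the kernel doesn't check that the user-supplied size lands on a field boundary,` and leave the rest as is, so the chain (user size copied, remainder zero-filled, handler consumes the mixed value) is clearly attributed to the kernel. It would also help to state what happens when size matches none of the known structure sizes, since "we stop decoding" leaves that open; presumably the tail is emitted by decode_attr_extra_data, whose definition starts at the end of this hunk and continues outside it. The kernel-side behaviour is inferred from the comment text, not from code visible here, so confirm it against the kernel before rewording.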