From: Eugene Syromyatnikov Date: Sun, 4 Mar 2018 19:31:25 +0000 (+0100) Subject: bpf: add a comment about bpf_attr decoding X-Git-Tag: v4.22~16 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b10995d9822c497736166837c1fb428c3f809b6d;p=strace bpf: add a comment about bpf_attr decoding * bpf.c: Add comment. --- diff --git a/bpf.c b/bpf.c index e2b7700e..b7b9b318 100644 --- a/bpf.c +++ b/bpf.c @@ -76,6 +76,15 @@ bpf_cmd_decoder(struct tcb *const tcp, \ typedef DECL_BPF_CMD_DECODER((*bpf_cmd_decoder_t)); +/* + * A note about bpf syscall decoder: it doesn't perform any size sanity checks, + * so even if it leads to partial copying of one of the fields, the command + * handler will still use the (partially-copied-from-userspace, partially + * zeroed) field value. That's why we stop decoding and check for known sizes + * that correspond to released versions of the structure used by the specific + * command - it looks like the most sensible way to parse this insanity. + */ + static int decode_attr_extra_data(struct tcb *const tcp, const char *data,
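Review bot: the comment's subject is ambiguous in the `+/* ... */` block: "A note about bpf syscall decoder: it doesn't perform any size sanity checks" reads as a statement about strace's own bpf decoder, yet the sentence that follows ("the command handler will still use the (partially-copied-from-userspace, partially zeroed) field value") describes the kernel side of the bpf(2) syscall, and the "That's why we stop decoding" sentence is the strace side. Suggest naming each party explicitly, e.g. "The kernel's bpf syscall does no sanity checks on the size argument, so ..." followed by "That's why strace stops decoding and only checks for known sizes that correspond to released versions of the structure used by the specific command". Minor: the added empty `+` line between `+ */` and `static int decode_attr_extra_data` detaches the comment from the function it sits above; either drop the blank line if the note is meant to document decode_attr_extra_data, or keep it and say in the first sentence that it is a file-level note on the bpf_attr decoding strategy, so a reader does not expect the check to live in this particular function.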