On Sun, Jul 17, 2016 at 03:19:13AM -0700, Sargun Dhillon wrote:
> 
> +static u64 bpf_copy_to_user(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
> +{
> +     void *to = (void *) (long) r1;
> +     void *from = (void *) (long) r2;
> +     int  size = (int) r3;
> +
> +     /* check if we're in a user context */
> +     if (unlikely(in_interrupt()))
> +             return -EINVAL;
> +     if (unlikely(!current->pid))
> +             return -EINVAL;
> +
> +     return copy_to_user(to, from, size);
> +}
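
Review bot: "int size = (int) r3;" narrows the u64 argument to a signed int, and that value reaches copy_to_user() with no check for a negative or oversized length; reject size <= 0, or anything above a fixed limit, before the copy. The final return also passes copy_to_user()'s result straight through, which is the number of bytes left uncopied rather than an errno, so the helper mixes positive byte counts with the -EINVAL paths above it; return -EFAULT when the result is non-zero. The in_interrupt() and current->pid checks would benefit from a comment stating which calling contexts each one is meant to exclude.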

Thanks for the patch; unfortunately it's not that straightforward.
copy_to_user might fault. Try enabling CONFIG_DEBUG_ATOMIC_SLEEP and
you'll see the splat, since bpf programs are protected by RCU.
Also, 'current' can be null and I'm not sure what current->pid does.
So the writing to user memory either has to be verified to avoid
sleeping and faults, or we need to use something like the task_work_add
mechanism. Ideas are certainly welcome.
