On Fri, Apr 28, 2023 at 6:58 PM Daniel Rosenberg drosen@google.com wrote:
On Thu, Apr 6, 2023 at 2:09 PM Andrii Nakryiko andrii.nakryiko@gmail.com wrote:
Would this work correctly if someone passes a non-null buffer with too small a size? Can you please add a test for this use case?
Working on a test case for this, but the test case I wrote fails without my patches. I'm just declaring a buffer of size 9 on the stack, and then passing in bpf_dynptr_slice that buffer, and size 10. That's passing the verifier just fine. In fact, it loads successfully up to size 16. I'm guessing that's adjusting for alignment? Still feels very strange. Is that expected behavior?
Pointer to stack is trickier (verifier will just mark part of stack as overwritten with random data); it's best to use a map value pointer as a source of buffer. So try using an ARRAY map with small value_size, do lookup_elem, check for NULL, and pass the non-NULL pointer as a buffer.
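An illustrative selftest-style BPF program for the pattern described above (an ARRAY map with a small value_size, lookup_elem, NULL check, then the map value passed as the buffer to bpf_dynptr_slice with a larger size). This is an added example, not code from the thread or from the kernel selftests; it assumes the usual selftests build environment (clang -target bpf, libbpf's bpf_helpers.h) and a kernel exposing the bpf_dynptr_slice kfunc. The map names, section name and sizes are assumptions chosen for the example.

```c
// SPDX-License-Identifier: GPL-2.0
/* Added example: BPF program that hands bpf_dynptr_slice a map value
 * buffer that is smaller than the requested slice length. The expected
 * outcome for the test case discussed above is that the verifier rejects
 * the program at load time rather than letting the kfunc write past the
 * 8-byte value. Map names, sizes and section name are assumptions. */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>

#define SLICE_LEN 10   /* slice length requested from bpf_dynptr_slice */
#define BUF_LEN    8   /* value_size of the buffer map: deliberately too small */
#define SRC_LEN   64   /* size of the memory the dynptr is built over */

/* Buffer map: a map value pointer has a size the verifier tracks precisely,
 * unlike a stack buffer, so an oversized access is visible to it. */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__uint(max_entries, 1);
	__type(key, __u32);
	__type(value, __u8[BUF_LEN]);
} small_buf SEC(".maps");

/* Source map: backing memory for a local dynptr (bpf_dynptr_from_mem). */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__uint(max_entries, 1);
	__type(key, __u32);
	__type(value, __u8[SRC_LEN]);
} src_data SEC(".maps");

/* kfunc prototype; the __szk suffix tells the verifier that this argument
 * is the compile-time size of the preceding buffer pointer. */
extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, __u32 offset,
			      void *buffer, __u32 buffer__szk) __ksym;

/* "?" prefix: libbpf does not autoload this program, so a test harness can
 * attempt the load itself and check that loading fails. */
SEC("?tc")
int dynptr_slice_buffer_too_small(struct __sk_buff *skb)
{
	struct bpf_dynptr ptr;
	__u32 key = 0;
	__u8 *src, *buf, *slice;

	src = bpf_map_lookup_elem(&src_data, &key);
	if (!src)
		return 0;
	/* Local dynptr over SRC_LEN bytes of map memory. */
	if (bpf_dynptr_from_mem(src, SRC_LEN, 0, &ptr))
		return 0;

	/* Non-NULL buffer of known size BUF_LEN (8 bytes). */
	buf = bpf_map_lookup_elem(&small_buf, &key);
	if (!buf)
		return 0;

	/* Requests a 10-byte slice into an 8-byte buffer. This is the
	 * "non-null buffer with too small size" case; the load should fail. */
	slice = bpf_dynptr_slice(&ptr, 0, buf, SLICE_LEN);
	if (!slice)
		return 0;
	return slice[0];
}

char _license[] SEC("license") = "GPL";
```

The two lookups are what make the test meaningful: with a stack buffer the verifier only marks the touched stack slots as clobbered, so an undersized buffer can slip through up to the alignment granularity, whereas a map value has an exact size and an access beyond it is a bounds violation the verifier can report. A harness would compile this object, try to load the program and treat a successful load as a test failure.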