bpf: fix path truncation in copying path arguments #3427
+86
−29
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
mtardy
commented
Feb 20, 2025
mtardy
commented
mtardy
added
the
release-note/bug
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
The functions called by copy_path were updated to support up to 4096 long paths, from d_path_local to prepend_name. However, before that update, copy_path was updated to reuse the work done via d_path_local. Eventually, it didn't take into account that the returned buffer can be well beyond 256 chars now. The patch fixes this by truncating to 4095 chars instead of 255. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
2 times, most recently
from
c61ad84 to
f655438
Compare
Commit 834b5fe ("String: Support longer exact match strings") added limitations on the size of strings parsed in userspace from the kernel which ended up creating a bug: longer strings can technically be passed in the event args and truncating ended up parsing incorrect flag and i_mode values. Since the size is a security measure, I don't see the point of limiting the value based on kernel value. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
The asm was maybe no longer necessary and was restricting the maximum size to be 1188. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
from
f655438 to
8a8506f
Compare
This test make sure that we don't have a regression on the bug fixed in the previous commit about truncating long args. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
The current working directory was truncated to 256 while the underlying buffer read into a buffer of 4096. This patch is raising the truncation to 4096, making it complete as it's the max on linux. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
Add a checker for a long cwd. Maybe this should be split into two different tests but in a way it tests the same thing, reuse the same directory structure, and we end up not having to restart tetragon twice. Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
from
8a8506f to
ab9fdf5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.