bpf: fix path truncation in cwd and copying path arguments #3427
+86
−29
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mtardy
added
the
release-note/bug
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
The functions called by copy_path were updated to support up to 4096 long paths, from d_path_local to prepend_name. However, before that update, copy_path was updated to reuse the work done via d_path_local. Eventually, it didn't take into account that the returned buffer can be well beyond 256 chars now. The patch fixes this by truncating to 4095 chars instead of 255. Signed-off-by: Mahe Tardy <[email protected]>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
2 times, most recently
from
c61ad84 to
f655438
Compare
Commit 834b5fe ("String: Support longer exact match strings") added limitations on the size of strings parsed in userspace from the kernel which ended up creating a bug: longer strings can technically be passed in the event args and truncating ended up parsing incorrect flag and i_mode values. Since the size is a security measure, I don't see the point of limiting the value based on kernel value. Signed-off-by: Mahe Tardy <[email protected]>
The asm was maybe no longer necessary and was restricting the maximum size to be 1188. Signed-off-by: Mahe Tardy <[email protected]>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
from
f655438 to
8a8506f
Compare
This test make sure that we don't have a regression on the bug fixed in the previous commit about truncating long args. Signed-off-by: Mahe Tardy <[email protected]>
The current working directory was truncated to 256 while the underlying buffer read into a buffer of 4096. This patch is raising the truncation to 4096, making it complete as it's the max on linux. Signed-off-by: Mahe Tardy <[email protected]>
Add a checker for a long cwd. Maybe this should be split into two different tests but in a way it tests the same thing, reuse the same directory structure, and we end up not having to restart tetragon twice. Signed-off-by: Mahe Tardy <[email protected]>
mtardy
force-pushed
the
pr/mtardy/fix-path-truncation
branch
from
8a8506f to
ab9fdf5
Compare
mtardy
changed the title
mtardy
requested review from
jrfastab,
kevsecurity,
olsajiri,
tpapagian and
kkourt
and removed request for
jrfastab
|
Hey @kevsecurity, could you check that 3e39741 is okay for you? Not sure why those specific lines were added in the first place, it seems wrong. |
|
Thanks @mtardy. Should we add backport tags for this PR? |
mtardy
added
needs-backport/1.2
They were there to mirror the existing code I was replacing with the hash maps. I probably got carried away unnecessarily and, as you say, created a bug as a result. |
This was referenced Feb 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We bumped the size of the underlying prepend_name buffer to 4096 #2764 but many users were still truncating the returned size to 255.