ebpf: Ensure the bounds of log buffer

eBPF verifier rejects programs which are not checking the bounds of the
log buffer before writing any arguments. This change ensures that
written log arguments.

In practice, it means that doing this kind of checks is not going to be
needed in eBPF program code anymore:

33a1aee2ea/echo-ebpf/src/main.rs (L47)

Tested on:

876f8b4551

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
pull/350/head
Michal Rostecki 3 years ago committed by Dave Tucker
parent 70b4e68130
commit 628b473e09

@ -92,6 +92,9 @@ pub(crate) fn log(args: LogArgs, level: Option<TokenStream>) -> Result<TokenStre
let write_args = quote! {{ let write_args = quote! {{
use ::aya_log_ebpf::WriteToBuf; use ::aya_log_ebpf::WriteToBuf;
Ok::<_, ()>(record_len) #( .and_then(|record_len| { Ok::<_, ()>(record_len) #( .and_then(|record_len| {
if record_len >= buf.buf.len() {
return Err(());
}
{ #formatting_exprs }.write(&mut buf.buf[record_len..]).map(|len| record_len + len) { #formatting_exprs }.write(&mut buf.buf[record_len..]).map(|len| record_len + len)
}) )* }) )*
}}; }};

Loading…
Cancel
Save