bpf: Change bpf_obj_name_cpy() to better ensure map's name is init by 0

During get_info_by_fd, the prog/map name is memcpy-ed.  It depends
on the prog->aux->name and map->name to be zero initialized.

bpf_prog_aux is easy to guarantee that aux->name is zero init.

The name in bpf_map may be harder to be guaranteed in the future when
new map type is added.

Hence, this patch makes bpf_obj_name_cpy() to always zero init
the prog/map name.

Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Change-Id: Ib3bb6efbda0bd682e0cdad8617f587320d7dd397
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0fd4a1a0dbe0909730f2a4247eaf1d1037b20fb2..99be25d4735a182044d0a152dcdbe7028a97ddb4 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -363,6 +363,8 @@ static int bpf_obj_name_cpy(char *dst, const char *src)
 {
        const char *end = src + BPF_OBJ_NAME_LEN;
 
+       memset(dst, 0, BPF_OBJ_NAME_LEN);
+
        /* Copy all isalnum() and '_' char */
        while (src < end && *src) {
                if (!isalnum(*src) && *src != '_')
@@ -374,9 +376,6 @@ static int bpf_obj_name_cpy(char *dst, const char *src)
        if (src == end)
                return -EINVAL;
 
-       /* '\0' terminates dst */
-       *dst = 0;
-
        return 0;
 }