chore: ebpf toolchain upgrade (#168)

kunai-project · Jan 17, 2025 · caa35ce · caa35ce
1 parent 29e3bb1
commit caa35ce
Show file tree

Hide file tree

Showing 7 changed files with 506 additions and 497 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/kunai-common/Cargo.toml b/kunai-common/Cargo.toml
@@ -13,7 +13,7 @@ default = []
 user = ["aya", "dns-parser", "uuid", "thiserror", "serde"]
 
 [build-dependencies]
-bindgen = "0.69"
+bindgen = "0.71"
 
 [dependencies]
 # optional deps (only for userland)

diff --git a/kunai-common/src/buffer/bpf.rs b/kunai-common/src/buffer/bpf.rs
@@ -69,19 +69,27 @@ impl<const N: usize> Buffer<N> {
             return Err(Error::BufferFull);
         }
 
-        if check_bounds_signed(len, 0, N as i64) && check_bounds_signed(size, 1, N as i64) {
-            if gen::bpf_probe_read_user(
-                self.buf[len as usize..N].as_mut_ptr() as *mut _,
-                size as u32,
-                iov_base as *const _,
-            ) < 0
-            {
-                return Err(Error::FailedToReadIovec);
-            }
+        // we check map access is not OOB
+        if !check_bounds_signed(len, 0, N as i64) {
+            return Ok(());
+        }
 
-            self.len += size as usize;
+        // we check we will not write OOB
+        if !check_bounds_signed(size, 0, N as i64) {
+            return Ok(());
         }
 
+        if gen::bpf_probe_read_user(
+            self.buf[len as usize..N].as_mut_ptr() as *mut _,
+            (size as u32).clamp(0, N as u32),
+            iov_base as *const _,
+        ) < 0
+        {
+            return Err(Error::FailedToReadIovec);
+        }
+
+        self.len += size as usize;
+
         Ok(())
     }
 
@@ -105,19 +113,27 @@ impl<const N: usize> Buffer<N> {
             return Err(Error::BufferFull);
         }
 
-        if check_bounds_signed(len, 0, N as i64) && check_bounds_signed(size, 1, N as i64) {
-            if gen::bpf_probe_read_kernel(
-                self.buf[len as usize..N].as_mut_ptr() as *mut _,
-                size as u32,
-                bvec_base as *const _,
-            ) < 0
-            {
-                return Err(Error::FailedToReadBioVec);
-            }
+        // we check map access is not OOB
+        if !check_bounds_signed(len, 0, N as i64) {
+            return Ok(());
+        }
 
-            self.len += size as usize;
+        // we check we will not write OOB
+        if !check_bounds_signed(size, 0, N as i64) {
+            return Ok(());
         }
 
+        if gen::bpf_probe_read_kernel(
+            self.buf[len as usize..N].as_mut_ptr() as *mut _,
+            (size as u32).clamp(0, N as u32),
+            bvec_base as *const _,
+        ) < 0
+        {
+            return Err(Error::FailedToReadBioVec);
+        }
+
+        self.len += size as usize;
+
         Ok(())
     }