lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 1 Jun 2018 14:12:12 +0300
From:   "Dmitry V. Levin" <ldv@...linux.org>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Eugene Syromiatnikov <esyr@...hat.com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, Martin KaFai Lau <kafai@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jiri Olsa <jolsa@...nel.org>, Ingo Molnar <mingo@...nel.org>,
        Lawrence Brakmo <brakmo@...com>, Andrey Ignatov <rdna@...com>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        John Fastabend <john.fastabend@...il.com>
Subject: Re: [PATCH bpf 1/2] bpf: fix alignment of netns_dev/netns_ino fields
 in bpf_{map,prog}_info

On Fri, Jun 01, 2018 at 04:41:16AM -0400, Alexei Starovoitov wrote:
> On Fri, Jun 01, 2018 at 06:12:10AM +0300, Dmitry V. Levin wrote:
> > Hi,
> > 
> > Looks like the ABI bug in bpf_map_info and bpf_prog info introduced
> > in 4.16 is going to slip into 4.17, causing extra pain to 32-bit
> > userspace.  I'm adding Linus to this thread in hope it might help
> > to get a fix applied before 4.17 is released.
> 
> The issue identified in patch 1 is valid.
> These two fields won't be properly accessible by 32-bit user space
> on 64-bit kernel.

Yes, and currently there is no way to build a 32-bit userspace that would
work properly both with 32-bit and 64-bit kernels.

> But the fix in patch 1 is wrong.

Please elaborate.

> The patch 2 is completely unnecessary.

The patch 2 doesn't have to be backported to 4.16, but if it was
implemented in 4.16, there would be no bug to discuss.  That is,
the patch 2 is a good policy that would help to avoid this class of bugs
in the future.

Alexei, looks like your Acked-by on the buggy commit
52775b33bb5072fbc07b02c0cf4fe8da1f7ee7cd affects your judgement.
If this is the case, please refer patch 2 to other people who are less biased.

> Everyone can also see that the patches are still marked as 'new' in patchworks
> meaning that we didn't process them.
> At the moment many networking folks are traveling to netconf
> and we only had a chance to discuss this set last night.
> We'll try to send a fix in coming days.
> But regardless whether 4.17 is realesed this sunday or not
> we're not going to rush wrong patch in without proper code review
> and discussion.
> That future patch either will land in 4.17 (if it's dealyed into next sunday)
> or it will be sent to stable.

Note that the fix was submitted to netdev on 2018-05-27.
One week is surely enough to make this bug fixed, isn't it?

> To speed up the situation next time please report the issue that you find
> to public netdev mailing list instead of using proprietary distro emails.

Please explain to me and to the public what do you mean by making this
statement.

I do believe strace developers are free to discuss among themselves
using whatever means of communication they find appropriate.

I do believe the issue was properly reported to netdev, see
https://lkml.kernel.org/r/20180527112835.GA9118@asgard.redhat.com
https://lkml.kernel.org/r/20180527112842.GA18204@asgard.redhat.com

I'd like to use this opportunity to thank Eugene for submitting the fix
the same day the issue was identified as a kernel bug.

Alexei, please do not exclude my email address from this discussion.
Thanks.

> > On Wed, May 30, 2018 at 09:18:58PM +0300, Dmitry V. Levin wrote:
> > > On Sun, May 27, 2018 at 01:28:42PM +0200, Eugene Syromiatnikov wrote:
> > > > Recent introduction of netns_dev/netns_ino to bpf_map_info/bpf_prog info
> > > > has broken compat, as offsets of these fields are different in 32-bit
> > > > and 64-bit ABIs.  One fix (other than implementing compat support in
> > > > syscall in order to handle this discrepancy) is to use __aligned_u64
> > > > instead of __u64 for these fields.
> > > > 
> > > > Reported-by: Dmitry V. Levin <ldv@...linux.org>
> > > > Fixes: 52775b33bb507 ("bpf: offload: report device information about
> > > > offloaded maps")
> > > > Fixes: 675fc275a3a2d ("bpf: offload: report device information for
> > > > offloaded programs")
> > > > 
> > > > Signed-off-by: Eugene Syromiatnikov <esyr@...hat.com>
> > > 
> > > Reviewed-by: "Dmitry V. Levin" <ldv@...linux.org>
> > > Cc: <stable@...r.kernel.org> # v4.16+
> > > 
> > > Thanks,
> > > 
> > > > ---
> > > >  include/uapi/linux/bpf.h       | 8 ++++----
> > > >  tools/include/uapi/linux/bpf.h | 8 ++++----
> > > >  2 files changed, 8 insertions(+), 8 deletions(-)
> > > > 
> > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > > > index c5ec897..903010a 100644
> > > > --- a/include/uapi/linux/bpf.h
> > > > +++ b/include/uapi/linux/bpf.h
> > > > @@ -1017,8 +1017,8 @@ struct bpf_prog_info {
> > > >  	__aligned_u64 map_ids;
> > > >  	char name[BPF_OBJ_NAME_LEN];
> > > >  	__u32 ifindex;
> > > > -	__u64 netns_dev;
> > > > -	__u64 netns_ino;
> > > > +	__aligned_u64 netns_dev;
> > > > +	__aligned_u64 netns_ino;
> > > >  } __attribute__((aligned(8)));
> > > >  
> > > >  struct bpf_map_info {
> > > > @@ -1030,8 +1030,8 @@ struct bpf_map_info {
> > > >  	__u32 map_flags;
> > > >  	char  name[BPF_OBJ_NAME_LEN];
> > > >  	__u32 ifindex;
> > > > -	__u64 netns_dev;
> > > > -	__u64 netns_ino;
> > > > +	__aligned_u64 netns_dev;
> > > > +	__aligned_u64 netns_ino;
> > > >  } __attribute__((aligned(8)));
> > > >  
> > > >  /* User bpf_sock_addr struct to access socket fields and sockaddr struct passed
> > > > diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> > > > index c5ec897..903010a 100644
> > > > --- a/tools/include/uapi/linux/bpf.h
> > > > +++ b/tools/include/uapi/linux/bpf.h
> > > > @@ -1017,8 +1017,8 @@ struct bpf_prog_info {
> > > >  	__aligned_u64 map_ids;
> > > >  	char name[BPF_OBJ_NAME_LEN];
> > > >  	__u32 ifindex;
> > > > -	__u64 netns_dev;
> > > > -	__u64 netns_ino;
> > > > +	__aligned_u64 netns_dev;
> > > > +	__aligned_u64 netns_ino;
> > > >  } __attribute__((aligned(8)));
> > > >  
> > > >  struct bpf_map_info {
> > > > @@ -1030,8 +1030,8 @@ struct bpf_map_info {
> > > >  	__u32 map_flags;
> > > >  	char  name[BPF_OBJ_NAME_LEN];
> > > >  	__u32 ifindex;
> > > > -	__u64 netns_dev;
> > > > -	__u64 netns_ino;
> > > > +	__aligned_u64 netns_dev;
> > > > +	__aligned_u64 netns_ino;
> > > >  } __attribute__((aligned(8)));
> > > >  
> > > >  /* User bpf_sock_addr struct to access socket fields and sockaddr struct passed


-- 
ldv

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists