| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Oct 2021 10:54:55 +0530
From: Kumar Kartikeya Dwivedi <memxor@...il.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next v1 3/6] libbpf: Ensure that module BTF fd is
never 0
On Wed, Oct 06, 2021 at 10:11:29AM IST, Andrii Nakryiko wrote:
> On Tue, Oct 5, 2021 at 5:29 PM Kumar Kartikeya Dwivedi <memxor@...il.com> wrote:
> >
> > Since the code assumes in various places that BTF fd for modules is
> > never 0, if we end up getting fd as 0, obtain a new fd > 0. Even though
> > fd 0 being free for allocation is usually an application error, it is
> > still possible that we end up getting fd 0 if the application explicitly
> > closes its stdin. Deal with this by getting a new fd using dup and
> > closing fd 0.
> >
> > Signed-off-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
> > ---
> > tools/lib/bpf/libbpf.c | 14 ++++++++++++++
> > 1 file changed, 14 insertions(+)
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index d286dec73b5f..3e5e460fe63e 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -4975,6 +4975,20 @@ static int load_module_btfs(struct bpf_object *obj)
> > pr_warn("failed to get BTF object #%d FD: %d\n", id, err);
> > return err;
> > }
> > + /* Make sure module BTF fd is never 0, as kernel depends on it
> > + * being > 0 to distinguish between vmlinux and module BTFs,
> > + * e.g. for BPF_PSEUDO_BTF_ID ld_imm64 insns (ksyms).
> > + */
> > + if (!fd) {
> > + fd = dup(0);
>
> This is not the only place where we make assumptions that fd > 0 but
> technically can get fd == 0. Instead of doing such a check in every
> such place, would it be possible to open (cheaply) some FD (/dev/null
> or whatever, don't know what's the best file to open), if we detect
> that FD == 0 is not allocated? Can we detect that fd 0 is not
> allocated?
>
We can, e.g. using access("/proc/self/fd/0", F_OK), but I think just calling
open unconditonally and doing if (ret > 0) close(ret) is better. Also, do I
leave it lingering, or should I close(0) if we created it on destroy?
> Doing something like that in bpf_object__open() or bpf_object__load()
> would make everything much simpler and we'll have a guarantee that fd
> == 0 is not going to be allocated (unless someone accidentally or not
> accidentally does close(0), but that's entirely different story).
>
> > + if (fd < 0) {
> > + err = -errno;
> > + pr_warn("failed to dup BTF object #%d FD 0 to FD > 0: %d\n", id, err);
> > + close(0);
> > + return err;
> > + }
> > + close(0);
> > + }
> >
> > len = sizeof(info);
> > memset(&info, 0, sizeof(info));
> > --
> > 2.33.0
> >
--
Kartikeya
Powered by blists - more mailing lists