[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202507301608.C939FE7D9@keescook>
Date: Wed, 30 Jul 2025 16:09:33 -0700
From: Kees Cook <kees@...nel.org>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Kumar Kartikeya Dwivedi <memxor@...il.com>, bpf <bpf@...r.kernel.org>,
Emil Tsalapatis <emil@...alapatis.com>,
Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...nel.org>,
Eduard Zingerman <eddyz87@...il.com>,
Barret Rhoden <brho@...gle.com>,
Matt Bobrowski <mattbobrowski@...gle.com>, kkd@...a.com,
Kernel Team <kernel-team@...a.com>, linux-hardening@...r.kernel.org
Subject: Re: [PATCH bpf-next v5 08/12] bpf: Report rqspinlock
deadlocks/timeout to BPF stderr
On Wed, Jul 30, 2025 at 04:07:33PM -0700, Alexei Starovoitov wrote:
> On Wed, Jul 30, 2025 at 4:02 PM Kees Cook <kees@...nel.org> wrote:
> >
> > On Thu, Jul 03, 2025 at 01:48:14PM -0700, Kumar Kartikeya Dwivedi wrote:
> > > +static void bpf_prog_report_rqspinlock_violation(const char *str, void *lock, bool irqsave)
> > > +{
> > > + struct rqspinlock_held *rqh = this_cpu_ptr(&rqspinlock_held_locks);
> > > + struct bpf_stream_stage ss;
> > > + struct bpf_prog *prog;
> > > +
> > > + prog = bpf_prog_find_from_stack();
> > > + if (!prog)
> > > + return;
> > > + bpf_stream_stage(ss, prog, BPF_STDERR, ({
> > > + bpf_stream_printk(ss, "ERROR: %s for bpf_res_spin_lock%s\n", str, irqsave ? "_irqsave" : "");
> > > + bpf_stream_printk(ss, "Attempted lock = 0x%px\n", lock);
> > > + bpf_stream_printk(ss, "Total held locks = %d\n", rqh->cnt);
> > > + for (int i = 0; i < min(RES_NR_HELD, rqh->cnt); i++)
> > > + bpf_stream_printk(ss, "Held lock[%2d] = 0x%px\n", i, rqh->locks[i]);
> > > + bpf_stream_dump_stack(ss);
> >
> > Please don't include %px in stuff going back to userspace in standard
> > error reporting. That's a kernel address leak:
> > https://docs.kernel.org/process/deprecated.html#p-format-specifier
> >
> > I don't see any justification here, please remove the lock address or
> > use regular %p to get a hashed value.
>
> There is no leak here.
> The prog was loaded by root and error is read by root.
uid has nothing to do with it. Leaking addresses needs the right
capability set. Is that always true here?
--
Kees Cook
Powered by blists - more mailing lists