| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 26 Oct 2015 07:13:08 +0000
From: Wang Nan <wangnan0@...wei.com>
To: <acme@...nel.org>, <ast@...nel.org>
CC: <linux-kernel@...r.kernel.org>, <pi3orama@....com>,
<lizefan@...wei.com>, Wang Nan <wangnan0@...wei.com>,
Arnaldo Carvalho de Melo <acme@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
Wu Fengguang <fengguang.wu@...el.com>
Subject: [net-next PATCHv2] bpf: Output error message to logbuf when loading failure
Many reasons can make bpf_prog_load() return EINVAL. This patch utilizes
logbuf to deliver the actual reason of the failure.
Without this patch, it is very easy for user to pass an object with
"version" section not match the kernel version code, and the problem
is hard to determine from return code (EINVAL).
Signed-off-by: Wang Nan <wangnan0@...wei.com>
Cc: Alexei Starovoitov <ast@...nel.org>
Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
Cc: David S. Miller <davem@...emloft.net>
Cc: Wu Fengguang <fengguang.wu@...el.com>
---
kernel/bpf/syscall.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 42 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 687dd6c..719d0cb 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -17,6 +17,7 @@
#include <linux/license.h>
#include <linux/filter.h>
#include <linux/version.h>
+#include <linux/bug.h>
int sysctl_unprivileged_bpf_disabled __read_mostly;
@@ -574,6 +575,35 @@ struct bpf_prog *bpf_prog_get(u32 ufd)
}
EXPORT_SYMBOL_GPL(bpf_prog_get);
+static void
+bpf_prog_load_note(union bpf_attr *attr, const char *fmt, ...)
+{
+ u32 log_level, log_size;
+ char __user *log_ubuf = NULL;
+ /* 64 chars should be long enough for a one line note. */
+ char log_buf[64];
+ va_list args;
+
+ log_ubuf = (char __user *) (unsigned long) attr->log_buf;
+ log_level = attr->log_level;
+ log_size = sizeof(log_buf);
+ if (attr->log_size < log_size)
+ log_size = attr->log_size;
+
+ if (log_level == 0 || !log_size || !log_ubuf)
+ return;
+
+ va_start(args, fmt);
+ vscnprintf(log_buf, log_size, fmt, args);
+ va_end(args);
+ log_buf[sizeof(log_buf) - 1] = '\0';
+
+ /* Don't need care the copying result too much */
+ WARN(copy_to_user(log_ubuf, log_buf, log_size),
+ KERN_WARNING "Failed to copy BPF error note '%s' to log buffer\n",
+ log_buf);
+}
+
/* last field in 'union bpf_attr' used by this command */
#define BPF_PROG_LOAD_LAST_FIELD kern_version
@@ -597,12 +627,19 @@ static int bpf_prog_load(union bpf_attr *attr)
/* eBPF programs must be GPL compatible to use GPL-ed functions */
is_gpl = license_is_gpl_compatible(license);
- if (attr->insn_cnt >= BPF_MAXINSNS)
+ if (attr->insn_cnt >= BPF_MAXINSNS) {
+ bpf_prog_load_note(attr, "Too many instructions: %d > %d\n",
+ attr->insn_cnt, BPF_MAXINSNS);
return -EINVAL;
+ }
if (type == BPF_PROG_TYPE_KPROBE &&
- attr->kern_version != LINUX_VERSION_CODE)
+ attr->kern_version != LINUX_VERSION_CODE) {
+ bpf_prog_load_note(attr,
+ "Kernel version mismatch: 0x%x != 0x%x\n",
+ attr->kern_version, LINUX_VERSION_CODE);
return -EINVAL;
+ }
if (type != BPF_PROG_TYPE_SOCKET_FILTER && !capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -631,8 +668,10 @@ static int bpf_prog_load(union bpf_attr *attr)
/* find program type: socket_filter vs tracing_filter */
err = find_prog_type(type, prog);
- if (err < 0)
+ if (err < 0) {
+ bpf_prog_load_note(attr, "Invalid program type: %d\n", type);
goto free_prog;
+ }
/* run eBPF verifier */
err = bpf_check(&prog, attr);
--
1.8.3.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists