| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Nov 2017 06:39:28 +0900
From: Alexei Starovoitov <ast@...com>
To: Y Song <ys114321@...il.com>,
"Naveen N. Rao" <naveen.n.rao@...ux.vnet.ibm.com>
CC: netdev <netdev@...r.kernel.org>,
Sandipan Das <sandipan@...ux.vnet.ibm.com>,
Brendan Gregg <brendan.d.gregg@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <kafai@...com>,
Kees Cook <keescook@...omium.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH] bpf: Add helpers to read useful task_struct members
On 11/8/17 6:14 AM, Y Song wrote:
> On Tue, Nov 7, 2017 at 12:37 AM, Naveen N. Rao
> <naveen.n.rao@...ux.vnet.ibm.com> wrote:
>> Alexei Starovoitov wrote:
>>>
>>> On 11/7/17 12:55 AM, Naveen N. Rao wrote:
>>>>>
>>>>> I thought such struct shouldn't change layout.
>>>>> If it is we need to fix include/linux/compiler-clang.h to do that
>>>>> anon struct as well.
>>>>
>>>>
>>>> We considered that, but it looked to be very dependent on the version of
>>>> gcc used to build the kernel. But, this may be a simpler approach for
>>>> the shorter term.
>>>>
>>>
>>> why it would depend on version of gcc?
>>
>>
>> From what I can see, randomized_struct_fields_start is defined only for gcc
>>> = 4.6. For older versions, it does not get mapped to an anonymous
>> structure. We may not care for older gcc versions, but..
>>
>> The other issue was that __randomize_layout maps to __designated_init when
>> randstruct plugin is not enabled, which is in turn an attribute on gcc >=
>> v5.1, but not otherwise.
>>
>>> We just need this, no?
>>>
>>> diff --git a/include/linux/compiler-clang.h
>>> b/include/linux/compiler-clang.h
>>> index de179993e039..4e29ab6187cb 100644
>>> --- a/include/linux/compiler-clang.h
>>> +++ b/include/linux/compiler-clang.h
>>> @@ -15,3 +15,6 @@
>>> * with any version that can compile the kernel
>>> */
>>> #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix),
>>> __COUNTER__)
>>> +
>>> +#define randomized_struct_fields_start struct {
>>> +#define randomized_struct_fields_end };
>>>
>>> since offsets are mandated by C standard.
>>
>>
>> Yes, this is what we're testing with and is probably sufficient for our
>> purposes.
>
> Just tested this with bcc. bcc actually complains. the rewriter
> is not able to rewrite prev->pid where prev is "struct task_struct *prev".
> I will change bcc rewriter to see whether the field value is correct or not.
>
> Not sure my understanding is correct or not, but I am afraid that
> the above approach for clang compiler change may not work.
> If clang calculates the field offset based on header file, the offset
> may not be the same as kernel one....
why is that?
When randomization is off both gcc and clang must generate the same
offsets, since it's C standard.
bcc rewriter issue is odd. I suspect it was broken from day one.
Meaning that bcc didn't support poking into anonymous union and structs.
> I verified that the drawf info with randomized structure config does not
> match randomized structure member offset. Specifically, I tried
> linux/proc_ns.h struct proc_ns_operations,
> dwarf says:
> field name: offset 0
> field real_ns_name: offset 8
> But if you print out the real offset at runtime, you get 40 and 16 respectively.
thanks for confirming. It means that gcc randomization plugin is broken
and has to be fixed with regard to adjusting debug info while
randomizing the fields.
Powered by blists - more mailing lists