lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4089f118-662c-4ea2-131f-c8a9b702b6ca@iogearbox.net>
Date:   Mon, 30 May 2022 23:55:10 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Roberto Sassu <roberto.sassu@...wei.com>, ast@...nel.org,
        andrii@...nel.org, kpsingh@...nel.org
Cc:     bpf@...r.kernel.org, netdev@...r.kernel.org,
        linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] libbpf: Retry map access with read-only permission

On 5/30/22 10:45 AM, Roberto Sassu wrote:
> Retry map access with read-only permission, if access was denied when all
> permissions were requested (open_flags is set to zero). Write access might
> have been denied by the bpf_map security hook.
> 
> Some operations, such as show and dump, don't need write permissions, so
> there is a good chance of success with retrying.
> 
> Prefer this solution to extending the API, as otherwise a new mechanism
> would need to be implemented to determine the right permissions for an
> operation.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> ---
>   tools/lib/bpf/bpf.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> index 240186aac8e6..b4eec39021a4 100644
> --- a/tools/lib/bpf/bpf.c
> +++ b/tools/lib/bpf/bpf.c
> @@ -1056,6 +1056,11 @@ int bpf_map_get_fd_by_id(__u32 id)
>   	attr.map_id = id;
>   
>   	fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr));
> +	if (fd < 0) {
> +		attr.open_flags = BPF_F_RDONLY;
> +		fd = sys_bpf_fd(BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr));
> +	}
> +

But then what about bpf_obj_get() API in libbpf? attr.file_flags has similar
purpose as attr.open_flags in this case.

The other issue is that this could have upgrade implications, e.g. where an
application bailed out before, it is now passing wrt bpf_map_get_fd_by_id(),
but then suddenly failing during map update calls.

Imho, it might be better to be explicit about user intent w/o the lib doing
guess work upon failure cases (... or have the BPF LSM set the attr.open_flags
to BPF_F_RDONLY from within the BPF prog).

>   	return libbpf_err_errno(fd);
>   }
>   
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ