Date:   Tue, 5 Jul 2022 21:44:50 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Yonghong Song <yhs@...com>
Cc:     Alan Maguire <alan.maguire@...cle.com>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin Lau <kafai@...com>, Song Liu <songliubraving@...com>,
        john fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        David Vernet <void@...ifault.com>, swboyd@...omium.org,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Dmitrii Dolgov <9erthalion6@...il.com>,
        Kenny Yu <kennyyu@...com>,
        Geliang Tang <geliang.tang@...e.com>,
        Kuniyuki Iwashima <kuniyu@...zon.co.jp>,
        bpf <bpf@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 bpf-next 1/2] bpf: add a ksym BPF iterator

On Fri, Jul 1, 2022 at 10:58 PM Yonghong Song <yhs@...com> wrote:
>
>
>
> On 7/1/22 2:26 AM, Alan Maguire wrote:
> > add a "ksym" iterator which provides access to a "struct kallsym_iter"
> > for each symbol.  Intent is to support more flexible symbol parsing
> > as discussed in [1].
> >
> > [1] https://lore.kernel.org/all/YjRPZj6Z8vuLeEZo@krava/
> >
> > Suggested-by: Alexei Starovoitov <alexei.starovoitov@...il.com>
> > Signed-off-by: Alan Maguire <alan.maguire@...cle.com>
> > ---
> >   kernel/kallsyms.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >   1 file changed, 89 insertions(+)
> >
> > diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> > index fbdf8d3..8b662da 100644
> > --- a/kernel/kallsyms.c
> > +++ b/kernel/kallsyms.c
> > @@ -30,6 +30,7 @@
> >   #include <linux/module.h>
> >   #include <linux/kernel.h>
> >   #include <linux/bsearch.h>
> > +#include <linux/btf_ids.h>
> >
> >   /*
> >    * These will be re-linked against their real values
> > @@ -799,6 +800,91 @@ static int s_show(struct seq_file *m, void *p)
> >       .show = s_show
> >   };
> >
> > +#ifdef CONFIG_BPF_SYSCALL
> > +
> > +struct bpf_iter__ksym {
> > +     __bpf_md_ptr(struct bpf_iter_meta *, meta);
> > +     __bpf_md_ptr(struct kallsym_iter *, ksym);
> > +};
> > +
> > +static int ksym_prog_seq_show(struct seq_file *m, bool in_stop)
> > +{
> > +     struct bpf_iter__ksym ctx;
> > +     struct bpf_iter_meta meta;
> > +     struct bpf_prog *prog;
> > +
> > +     meta.seq = m;
> > +     prog = bpf_iter_get_info(&meta, in_stop);
> > +     if (!prog)
> > +             return 0;
> > +
> > +     ctx.meta = &meta;
> > +     ctx.ksym = m ? m->private : NULL;
> > +     return bpf_iter_run_prog(prog, &ctx);
> > +}
> > +
> > +static int bpf_iter_ksym_seq_show(struct seq_file *m, void *p)
> > +{
> > +     return ksym_prog_seq_show(m, false);
> > +}
> > +
> > +static void bpf_iter_ksym_seq_stop(struct seq_file *m, void *p)
> > +{
> > +     if (!p)
> > +             (void) ksym_prog_seq_show(m, true);
> > +     else
> > +             s_stop(m, p);
> > +}
> > +
> > +static const struct seq_operations bpf_iter_ksym_ops = {
> > +     .start = s_start,
> > +     .next = s_next,
> > +     .stop = bpf_iter_ksym_seq_stop,
> > +     .show = bpf_iter_ksym_seq_show,
> > +};
> > +
> > +static int bpf_iter_ksym_init(void *priv_data, struct bpf_iter_aux_info *aux)
> > +{
> > +     struct kallsym_iter *iter = priv_data;
> > +
> > +     reset_iter(iter, 0);
> > +
> > +     iter->show_value = true;
>
> I think instead of always having show_value = true, we should have
>     iter->show_value = kallsyms_show_value(...);
>
> this is consistent with what `cat /proc/kallsyms` is doing, and
> also consistent with bpf_dump_raw_ok() used when dumping various
> kernel info in syscall.c.
>
> We don't have a file here, so credential can be from the current
> process with current_cred().

This seems wrong to use current_cred(). show_value is used to not
"leak" pointer values to unprivileged user-space, right? In our case
BPF iterator is privileged, so there is no need to hide (or mangle,
didn't check) values.

If it happens that a privileged process loads iter/ksym program and
then passes prog FD to unprivileged one to read iterator output,
iter/ksym should still get correct symbol values.

I think the initial approach with show_value = true is the right one
-- give all the information as it is to BPF iterator.


>
> > +
> > +     return 0;
> > +}
> > +
> > +DEFINE_BPF_ITER_FUNC(ksym, struct bpf_iter_meta *meta, struct kallsym_iter *ksym)
> > +
> > +static const struct bpf_iter_seq_info ksym_iter_seq_info = {
> > +     .seq_ops                = &bpf_iter_ksym_ops,
> > +     .init_seq_private       = bpf_iter_ksym_init,
> > +     .fini_seq_private       = NULL,
> > +     .seq_priv_size          = sizeof(struct kallsym_iter),
> > +};
> > +
> > +static struct bpf_iter_reg ksym_iter_reg_info = {
> > +     .target                 = "ksym",
> > +     .ctx_arg_info_size      = 1,
> > +     .ctx_arg_info           = {
> > +             { offsetof(struct bpf_iter__ksym, ksym),
> > +               PTR_TO_BTF_ID_OR_NULL },
> > +     },
> > +     .seq_info               = &ksym_iter_seq_info,
> > +};
> > +
> > +BTF_ID_LIST(btf_ksym_iter_id)
> > +BTF_ID(struct, kallsym_iter)
> > +
> > +static void __init bpf_ksym_iter_register(void)
> > +{
> > +     ksym_iter_reg_info.ctx_arg_info[0].btf_id = *btf_ksym_iter_id;
> > +     if (bpf_iter_reg_target(&ksym_iter_reg_info))
> > +             pr_warn("Warning: could not register bpf ksym iterator\n");
> > +}
> > +
> > +#endif /* CONFIG_BPF_SYSCALL */
> > +
> >   static inline int kallsyms_for_perf(void)
> >   {
> >   #ifdef CONFIG_PERF_EVENTS
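
Review bot: In bpf_iter_ksym_init(), `iter->show_value = true;` is set with no comment, so the code does not record why this path skips the kallsyms_show_value() check raised in the reply above; add a comment stating the privilege assumption that makes handing raw symbol addresses to the iterator program acceptable. Separately, in ksym_prog_seq_show() the `m ? m->private : NULL` test keys on m rather than in_stop, so the stop-time call from bpf_iter_ksym_seq_stop() still passes a non-NULL ksym even though ctx_arg_info marks it PTR_TO_BTF_ID_OR_NULL; if NULL is meant to signal end of iteration, test in_stop instead.
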
> > @@ -885,6 +971,9 @@ const char *kdb_walk_kallsyms(loff_t *pos)
> >   static int __init kallsyms_init(void)
> >   {
> >       proc_create("kallsyms", 0444, NULL, &kallsyms_proc_ops);
> > +#if defined(CONFIG_BPF_SYSCALL)
> > +     bpf_ksym_iter_register();
>
> You can inline this function here and if bpf_iter_reg_target(...)
> failed, just return the error code.
>
> > +#endif
> >       return 0;
> >   }
> >   device_initcall(kallsyms_init);
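
Review bot: kallsyms_init() still returns 0 after calling bpf_ksym_iter_register(), which is void and only logs through pr_warn(), so a failed iterator registration is invisible to the initcall; have the helper return the bpf_iter_reg_target() result and decide explicitly whether init propagates or ignores it. The guard here is `#if defined(CONFIG_BPF_SYSCALL)` while the definition uses `#ifdef CONFIG_BPF_SYSCALL`; pick one form, or give the helper an empty stub for the disabled case so the call site needs no preprocessor block.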
