lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <nycvar.YFH.7.76.2212020135390.6045@cbobk.fhfr.pm>
Date:   Fri, 2 Dec 2022 01:40:04 +0100 (CET)
From:   Jiri Kosina <jikos@...nel.org>
To:     Benjamin Tissoires <benjamin.tissoires@...hat.com>
cc:     Florent Revest <revest@...omium.org>,
        Jon Hunter <jonathanh@...dia.com>, linux-input@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] HID: bpf: enforce HID_BPF dependencies

On Wed, 30 Nov 2022, Benjamin Tissoires wrote:

> As mentioned in the link below, having JIT and BPF is not enough to
> have fmod_ret and error injection APIs. This resolves the error that
> happens on a system without tracing enabled when hid-bpf tries to
> load itself.
> 
> Link: https://lore.kernel.org/r/CABRcYmKyRchQhabi1Vd9RcMQFCcb=EtWyEbFDFRTc-L-U8WhgA@mail.gmail.com
> Fixes: f5c27da4e3c8 ("HID: initial BPF implementation")
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@...hat.com>
> ---
>  drivers/hid/bpf/Kconfig | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/hid/bpf/Kconfig b/drivers/hid/bpf/Kconfig
> index 298634fc3335..498232f9faa9 100644
> --- a/drivers/hid/bpf/Kconfig
> +++ b/drivers/hid/bpf/Kconfig
> @@ -4,7 +4,9 @@ menu "HID-BPF support"
>  config HID_BPF
>  	bool "HID-BPF support"
>  	default HID_SUPPORT
> -	depends on BPF && BPF_SYSCALL
> +	depends on BPF && BPF_SYSCALL && \
> +		   DYNAMIC_FTRACE_WITH_DIRECT_CALLS && \
> +		   FUNCTION_ERROR_INJECTION

FUNCTION_ERROR_INJECTION is a purely debugging feature, and not something 
we want to have enabled in production kernels (which is where HID-BPF 
should, on the other hand, be enabled). I am afraid this needs to go back 
to the drawing board.

JFTR, to make sure this gets properly discussed before 6.2 merge window 
opens up

	Nacked-by: Jiri Kosina <jkosina@...e.cz>

Which unfortunately means the whole hid-bpf implementation would need to 
be revised and postponed for 6.3 at least.

Sorry,

-- 
Jiri Kosina
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ