lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 13 Jul 2023 16:17:39 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     "GONG, Ruiqi" <gongruiqi@...weicloud.com>
Cc:     Yonghong Song <yhs@...com>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
        Wang Weiyang <wangweiyang2@...wei.com>,
        Xiu Jianfeng <xiujianfeng@...wei.com>, gongruiqi1@...wei.com
Subject: Re: [PATCH] bpf: Add support of skipping the current object for
 bpf_iter progs

On Thu, Jul 13, 2023 at 01:13:23PM +0800, GONG, Ruiqi wrote:
> bpf_seq_read() can accept three different types of seq_ops->show()'s
> return value:
> 
>   err > 0: skip the obj and reuse seq_num
>   err < 0: abort the whole iter process
>   err == 0 (implicitly): continue
> 
> but bpf_iter_run_prog() is limited to the last two cases. Extend the
> legal return value of bpf_iter progs so that they can skip certain
> objects and then proceed to the followings.
> 
> Signed-off-by: GONG, Ruiqi <gongruiqi@...weicloud.com>
> ---
>  kernel/bpf/bpf_iter.c | 9 +++++----
>  kernel/bpf/verifier.c | 1 +
>  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
> index 96856f130cbf..1c1d67ec466c 100644
> --- a/kernel/bpf/bpf_iter.c
> +++ b/kernel/bpf/bpf_iter.c
> @@ -716,13 +716,14 @@ int bpf_iter_run_prog(struct bpf_prog *prog, void *ctx)
>  		rcu_read_unlock();
>  	}
>  
> -	/* bpf program can only return 0 or 1:
> -	 *  0 : okay
> -	 *  1 : retry the same object
> +	/* bpf program can return:
> +	 *  0 : has shown the object, go next
> +	 *  1 : has skipped the object, go next
> +	 * -1 : encountered error and should terminate
>  	 * The bpf_iter_run_prog() return value
>  	 * will be seq_ops->show() return value.
>  	 */
> -	return ret == 0 ? 0 : -EAGAIN;
> +	return ret == 0 ? 0 : (ret == 1 ? 1 : -EAGAIN);

This breaks existing progs as you can see in CI
and you surely would have noticed if you run the selftests.

We're going to start auto rejecting patches without selftests and
those that break CI.
It's your job to test your patches.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ