| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2023 10:56:00 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Anton Protopopov <aspsk@...valent.com>
Cc: Martin KaFai Lau <martin.lau@...ux.dev>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>,
Hou Tao <houtao1@...wei.com>, Joe Stringer <joe@...valent.com>,
bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>
Subject: Re: [PATCH bpf-next 1/3] bpf: consider CONST_PTR_TO_MAP as trusted
pointer to struct bpf_map
On Fri, Jul 14, 2023 at 7:20 AM Anton Protopopov <aspsk@...valent.com> wrote:
>
> Patch verifier to regard values of type CONST_PTR_TO_MAP as trusted
> pointers to struct bpf_map. This allows kfuncs to work with `struct
> bpf_map *` arguments.
>
> Save some bytes by defining btf_bpf_map_id as BTF_ID_LIST_GLOBAL_SINGLE
> (which is u32[1]), not as BTF_ID_LIST (which is u32[64]).
>
> Signed-off-by: Anton Protopopov <aspsk@...valent.com>
> ---
> include/linux/btf_ids.h | 1 +
> kernel/bpf/map_iter.c | 3 +--
> kernel/bpf/verifier.c | 5 ++++-
> 3 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/btf_ids.h b/include/linux/btf_ids.h
> index 00950cc03bff..a3462a9b8e18 100644
> --- a/include/linux/btf_ids.h
> +++ b/include/linux/btf_ids.h
> @@ -267,5 +267,6 @@ MAX_BTF_TRACING_TYPE,
> extern u32 btf_tracing_ids[];
> extern u32 bpf_cgroup_btf_id[];
> extern u32 bpf_local_storage_map_btf_id[];
> +extern u32 btf_bpf_map_id[];
>
> #endif
> diff --git a/kernel/bpf/map_iter.c b/kernel/bpf/map_iter.c
> index d06d3b7150e5..b67996147895 100644
> --- a/kernel/bpf/map_iter.c
> +++ b/kernel/bpf/map_iter.c
> @@ -78,8 +78,7 @@ static const struct seq_operations bpf_map_seq_ops = {
> .show = bpf_map_seq_show,
> };
>
> -BTF_ID_LIST(btf_bpf_map_id)
> -BTF_ID(struct, bpf_map)
> +BTF_ID_LIST_GLOBAL_SINGLE(btf_bpf_map_id, struct, bpf_map)
>
> static const struct bpf_iter_seq_info bpf_map_seq_info = {
> .seq_ops = &bpf_map_seq_ops,
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 0b9da95331d7..5663f97ef292 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -5419,6 +5419,9 @@ static bool is_trusted_reg(const struct bpf_reg_state *reg)
> if (reg->ref_obj_id)
> return true;
>
> + if (reg->type == CONST_PTR_TO_MAP)
> + return true;
> +
Overall it looks great.
Instead of above, how about the following instead:
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 0b9da95331d7..cd08167dc347 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -10775,7 +10775,7 @@ static int check_kfunc_args(struct
bpf_verifier_env *env, struct bpf_kfunc_call_
if (!is_kfunc_trusted_args(meta) && !is_kfunc_rcu(meta))
break;
- if (!is_trusted_reg(reg)) {
+ if (!is_trusted_reg(reg) &&
!reg2btf_ids[base_type(reg->type)]) {
This way we won't need to list every convertible type in is_trusted_reg.
I'm a bit hesitant to put reg2btf_ids[] check directly into is_trusted_reg().
Maybe it's ok, but it needs more analysis.
Powered by blists - more mailing lists