lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZXcd-_lVhoiWBh-4@krava>
Date:   Mon, 11 Dec 2023 15:34:35 +0100
From:   Jiri Olsa <olsajiri@...il.com>
To:     Jiri Olsa <olsajiri@...il.com>
Cc:     Hou Tao <houtao@...weicloud.com>, mhiramat@...nel.org,
        xingwei lee <xrivendell7@...il.com>, ast@...nel.org,
        daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev,
        song@...nel.org, yonghong.song@...ux.dev, john.fastabend@...il.com,
        kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com,
        rostedt@...dmis.org, mathieu.desnoyers@...icios.com,
        bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-trace-kernel@...r.kernel.org
Subject: Re: WARNING: kmalloc bug in bpf_uprobe_multi_link_attach

On Mon, Dec 11, 2023 at 02:01:43PM +0100, Jiri Olsa wrote:
> On Mon, Dec 11, 2023 at 07:29:40PM +0800, Hou Tao wrote:
> 
> SNIP
> 
> > 
> > It seems a big attr->link_create.uprobe_multi.cnt is passed to
> > bpf_uprobe_multi_link_attach(). Could you please try the first patch in
> > the following patch set ?
> > 
> > https://lore.kernel.org/bpf/20231211112843.4147157-1-houtao@huaweicloud.com/T/#t
> > > [   68.389633][ T8223]  ? __might_fault+0x13f/0x1a0
> > > [   68.390129][ T8223]  ? bpf_kprobe_multi_link_attach+0x10/0x10
> > 
> > SNIP
> > >   res = syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000140ul, /*size=*/0x90ul);
> > >   if (res != -1) r[0] = res;
> > >   memcpy((void*)0x20000000, "./file0\000", 8);
> > >   syscall(__NR_creat, /*file=*/0x20000000ul, /*mode=*/0ul);
> > >   *(uint32_t*)0x20000340 = r[0];
> > >   *(uint32_t*)0x20000344 = 0;
> > >   *(uint32_t*)0x20000348 = 0x30;
> > >   *(uint32_t*)0x2000034c = 0;
> > >   *(uint64_t*)0x20000350 = 0x20000080;
> > >   memcpy((void*)0x20000080, "./file0\000", 8);
> > 
> > 0x20000350 is the address of attr->link_create.uprobe_multi.path.
> > >   *(uint64_t*)0x20000358 = 0x200000c0;
> > >   *(uint64_t*)0x200000c0 = 0;
> > >   *(uint64_t*)0x20000360 = 0;
> > >   *(uint64_t*)0x20000368 = 0;
> > >   *(uint32_t*)0x20000370 = 0xffffff1f;
> > 
> > The value of attr->link_create.uprobe_multi.cnt is 0xffffff1f, so 
> > 0xffffff1f * sizeof(bpf_uprobe) will be greater than INT_MAX, and
> > triggers the warning in mm/util.c:
> > 
> >         /* Don't even allow crazy sizes */
> >         if (unlikely(size > INT_MAX)) {
> >                 WARN_ON_ONCE(!(flags & __GFP_NOWARN));
> >                 return NULL;
> >         }
> > 
> > Adding __GFP_NOWARN when doing kvcalloc() can fix the warning.
> 
> hi,
> looks like that's the case.. thanks for fixing that
> 
> btw while checking on that I found kprobe_multi bench attach test
> takes forever on latest bpf-next/master
> 
> 	test_kprobe_multi_bench_attach:PASS:bpf_program__attach_kprobe_multi_opts 0 nsec
> 	test_kprobe_multi_bench_attach: found 56140 functions
> 	test_kprobe_multi_bench_attach: attached in  89.174s
> 	test_kprobe_multi_bench_attach: detached in  13.245s
> 	#113/1   kprobe_multi_bench_attach/kernel:OK
> 
> Masami,
> any idea of any change on fprobe/ftrace side recently? I'm going to check ;-)

nah sry, I had IBT enabled.. forgot the reason, but it's slow ;-)

jirka

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ