lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 8 Jan 2024 11:05:30 +0100
From: Jiri Olsa <olsajiri@...il.com>
To: Tiezhu Yang <yangtiezhu@...ngson.cn>
Cc: Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>,
	Eduard Zingerman <eddyz87@...il.com>, bpf@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2] bpf: Return -ENOTSUPP if calls are not
 allowed in non-JITed programs

On Thu, Jan 04, 2024 at 09:08:17PM +0800, Tiezhu Yang wrote:
> If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there
> exist 6 failed tests.
> 
>   [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
>   [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
>   [root@...ux bpf]# ./test_verifier | grep FAIL
>   #106/p inline simple bpf_loop call FAIL
>   #107/p don't inline bpf_loop call, flags non-zero FAIL
>   #108/p don't inline bpf_loop call, callback non-constant FAIL
>   #109/p bpf_loop_inline and a dead func FAIL
>   #110/p bpf_loop_inline stack locations for loop vars FAIL
>   #111/p inline bpf_loop call in a big program FAIL
>   Summary: 768 PASSED, 15 SKIPPED, 6 FAILED
> 
> The test log shows that callbacks are not allowed in non-JITed programs,
> interpreter doesn't support them yet, thus these tests should be skipped
> if jit is disabled, just return -ENOTSUPP instead of -EINVAL for pseudo
> calls in fixup_call_args().
> 
> With this patch:
> 
>   [root@...ux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable
>   [root@...ux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled
>   [root@...ux bpf]# ./test_verifier | grep FAIL
>   Summary: 768 PASSED, 21 SKIPPED, 0 FAILED
> 
> Additionally, as Eduard suggested, return -ENOTSUPP instead of -EINVAL
> for the other three places where "non-JITed" is used in error messages
> to keep consistent.
> 
> Signed-off-by: Tiezhu Yang <yangtiezhu@...ngson.cn>
> ---
> 
> v2:
>   -- rebase on the latest bpf-next tree.
>   -- return -ENOTSUPP instead of -EINVAL for the other three places
>      where "non-JITed" is used in error messages to keep consistent.
>   -- update the patch subject and commit message.
> 
>  kernel/bpf/verifier.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index d5f4ff1eb235..99558a5186b2 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -8908,7 +8908,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env,
>  			goto error;
>  		if (env->subprog_cnt > 1 && !allow_tail_call_in_subprogs(env)) {
>  			verbose(env, "tail_calls are not allowed in non-JITed programs with bpf-to-bpf calls\n");
> -			return -EINVAL;
> +			return -ENOTSUPP;

FWIW I agree with John review earlier [1], also there's chance (however small)
we could mess up with some app already checking on that

jirka

[1] https://lore.kernel.org/bpf/6594a4c15a677_11e86208cd@john.notmuch/

>  		}
>  		break;
>  	case BPF_FUNC_perf_event_read:
> @@ -19069,14 +19069,14 @@ static int fixup_call_args(struct bpf_verifier_env *env)
>  #ifndef CONFIG_BPF_JIT_ALWAYS_ON
>  	if (has_kfunc_call) {
>  		verbose(env, "calling kernel functions are not allowed in non-JITed programs\n");
> -		return -EINVAL;
> +		return -ENOTSUPP;
>  	}
>  	if (env->subprog_cnt > 1 && env->prog->aux->tail_call_reachable) {
>  		/* When JIT fails the progs with bpf2bpf calls and tail_calls
>  		 * have to be rejected, since interpreter doesn't support them yet.
>  		 */
>  		verbose(env, "tail_calls are not allowed in non-JITed programs with bpf-to-bpf calls\n");
> -		return -EINVAL;
> +		return -ENOTSUPP;
>  	}
>  	for (i = 0; i < prog->len; i++, insn++) {
>  		if (bpf_pseudo_func(insn)) {
> @@ -19084,7 +19084,7 @@ static int fixup_call_args(struct bpf_verifier_env *env)
>  			 * have to be rejected, since interpreter doesn't support them yet.
>  			 */
>  			verbose(env, "callbacks are not allowed in non-JITed programs\n");
> -			return -EINVAL;
> +			return -ENOTSUPP;
>  		}
>  
>  		if (!bpf_pseudo_call(insn))
> -- 
> 2.42.0
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ