lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 23 Feb 2024 18:00:51 +0200
From: Eduard Zingerman <eddyz87@...il.com>
To: Benjamin Tissoires <bentiss@...nel.org>, Alexei Starovoitov
 <ast@...nel.org>,  Daniel Borkmann <daniel@...earbox.net>, John Fastabend
 <john.fastabend@...il.com>, Andrii Nakryiko <andrii@...nel.org>, Martin
 KaFai Lau <martin.lau@...ux.dev>, Song Liu <song@...nel.org>, Yonghong Song
 <yonghong.song@...ux.dev>, KP Singh <kpsingh@...nel.org>, Stanislav
 Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, Jiri Olsa
 <jolsa@...nel.org>, Jiri Kosina <jikos@...nel.org>,  Benjamin Tissoires
 <benjamin.tissoires@...hat.com>, Jonathan Corbet <corbet@....net>, Shuah
 Khan <shuah@...nel.org>
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-input@...r.kernel.org, linux-doc@...r.kernel.org, 
	linux-kselftest@...r.kernel.org
Subject: Re: [PATCH RFC bpf-next v3 08/16] bpf/verifier: do_misc_fixups for
 is_bpf_timer_set_sleepable_cb_kfunc

On Wed, 2024-02-21 at 17:25 +0100, Benjamin Tissoires wrote:
> This is still a WIP, but I think this can be dropped as we never
> get to this instruction. So what should we do here?

As Alexei replied in a separate sub-thread you probably want this
for sleepable timers. Here is full source code block:

        if (insn->imm == BPF_FUNC_timer_set_callback ||
            is_bpf_timer_set_sleepable_cb_kfunc(insn->imm)) {
            ...
            struct bpf_insn ld_addrs[2] = {
                BPF_LD_IMM64(BPF_REG_3, (long)prog->aux),
            };

            insn_buf[0] = ld_addrs[0];
            insn_buf[1] = ld_addrs[1];
            insn_buf[2] = *insn;
            cnt = 3;

            new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
            ...
        }

Effectively, it sets up third function call parameter (R3)
for timer_set_callback() to be prog->aux.
E.g. before bpf_patch_insn_data():

   r1 = ... timer ...
   r2 = ... callback address ...
   call timer_set_callback

After bpf_patch_insn_data():

   r1 = ... timer ...
   r2 = ... callback address ...
   r3 = prog->aux ll
   call timer_set_callback

This way it won't be necessary to walk stack in search for ctx.aux
in bpf_timer_set_sleepable_cb().

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ