lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 8 Mar 2024 13:04:53 -0800
From: Calvin Owens <jcalvinowens@...il.com>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Luis Chamberlain <mcgrof@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Alexei Starovoitov <ast@...nel.org>,
	Steven Rostedt <rostedt@...dmis.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>,
	Masami Hiramatsu <mhiramat@...nel.org>,
	Naveen N Rao <naveen.n.rao@...ux.ibm.com>,
	Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
	David S Miller <davem@...emloft.net>,
	Thomas Gleixner <tglx@...utronix.de>,
	"bpf@...r.kernel.org" <bpf@...r.kernel.org>,
	"linux-modules@...r.kernel.org" <linux-modules@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC][PATCH 2/4] bpf: Allow BPF_JIT with CONFIG_MODULES=n

On Thursday 03/07 at 22:09 +0000, Christophe Leroy wrote:
> 
> 
> Le 06/03/2024 à 21:05, Calvin Owens a écrit :
> > [Vous ne recevez pas souvent de courriers de jcalvinowens@...il.com. Découvrez pourquoi ceci est important à https://aka.ms/LearnAboutSenderIdentification ]
> > 
> > No BPF code has to change, except in struct_ops (for module refs).
> > 
> > This conflicts with bpf-next because of this (relevant) series:
> > 
> >      https://lore.kernel.org/all/20240119225005.668602-1-thinker.li@gmail.com/
> > 
> > If something like this is merged down the road, it can go through
> > bpf-next at leisure once the module_alloc change is in: it's a one-way
> > dependency.
> > 
> > Signed-off-by: Calvin Owens <jcalvinowens@...il.com>
> > ---
> >   kernel/bpf/Kconfig          |  2 +-
> >   kernel/bpf/bpf_struct_ops.c | 28 ++++++++++++++++++++++++----
> >   2 files changed, 25 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig
> > index 6a906ff93006..77df483a8925 100644
> > --- a/kernel/bpf/Kconfig
> > +++ b/kernel/bpf/Kconfig
> > @@ -42,7 +42,7 @@ config BPF_JIT
> >          bool "Enable BPF Just In Time compiler"
> >          depends on BPF
> >          depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT
> > -       depends on MODULES
> > +       select MODULE_ALLOC
> >          help
> >            BPF programs are normally handled by a BPF interpreter. This option
> >            allows the kernel to generate native code when a program is loaded
> > diff --git a/kernel/bpf/bpf_struct_ops.c b/kernel/bpf/bpf_struct_ops.c
> > index 02068bd0e4d9..fbf08a1bb00c 100644
> > --- a/kernel/bpf/bpf_struct_ops.c
> > +++ b/kernel/bpf/bpf_struct_ops.c
> > @@ -108,11 +108,30 @@ const struct bpf_prog_ops bpf_struct_ops_prog_ops = {
> >   #endif
> >   };
> > 
> > +#if IS_ENABLED(CONFIG_MODULES)
> 
> Can you avoid ifdefs as much as possible ?

Similar to the other one, this was just a misguided attempt to avoid
triggering -Wunused, I'll clean it up.

This particular patch will look very different when rebased on bpf-next.

> >   static const struct btf_type *module_type;
> > 
> > +static int bpf_struct_module_type_init(struct btf *btf)
> > +{
> > +       s32 module_id;
> 
> Could be:
> 
> 	if (!IS_ENABLED(CONFIG_MODULES))
> 		return 0;
> 
> > +
> > +       module_id = btf_find_by_name_kind(btf, "module", BTF_KIND_STRUCT);
> > +       if (module_id < 0)
> > +               return 1;
> > +
> > +       module_type = btf_type_by_id(btf, module_id);
> > +       return 0;
> > +}
> > +#else
> > +static int bpf_struct_module_type_init(struct btf *btf)
> > +{
> > +       return 0;
> > +}
> > +#endif
> > +
> >   void bpf_struct_ops_init(struct btf *btf, struct bpf_verifier_log *log)
> >   {
> > -       s32 type_id, value_id, module_id;
> > +       s32 type_id, value_id;
> >          const struct btf_member *member;
> >          struct bpf_struct_ops *st_ops;
> >          const struct btf_type *t;
> > @@ -125,12 +144,10 @@ void bpf_struct_ops_init(struct btf *btf, struct bpf_verifier_log *log)
> >   #include "bpf_struct_ops_types.h"
> >   #undef BPF_STRUCT_OPS_TYPE
> > 
> > -       module_id = btf_find_by_name_kind(btf, "module", BTF_KIND_STRUCT);
> > -       if (module_id < 0) {
> > +       if (bpf_struct_module_type_init(btf)) {
> >                  pr_warn("Cannot find struct module in btf_vmlinux\n");
> >                  return;
> >          }
> > -       module_type = btf_type_by_id(btf, module_id);
> > 
> >          for (i = 0; i < ARRAY_SIZE(bpf_struct_ops); i++) {
> >                  st_ops = bpf_struct_ops[i];
> > @@ -433,12 +450,15 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key,
> > 
> >                  moff = __btf_member_bit_offset(t, member) / 8;
> >                  ptype = btf_type_resolve_ptr(btf_vmlinux, member->type, NULL);
> > +
> > +#if IS_ENABLED(CONFIG_MODULES)
> 
> Can't see anything depending on CONFIG_MODULES here, can you instead do:
> 
> 		if (IS_ENABLED(CONFIG_MODULES) && ptype == module_type) {
> 
> >                  if (ptype == module_type) {
> >                          if (*(void **)(udata + moff))
> >                                  goto reset_unlock;
> >                          *(void **)(kdata + moff) = BPF_MODULE_OWNER;
> >                          continue;
> >                  }
> > +#endif
> > 
> >                  err = st_ops->init_member(t, member, kdata, udata);
> >                  if (err < 0)
> > --
> > 2.43.0
> > 
> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ