lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZnvkxLQBideJH4MB@krava>
Date: Wed, 26 Jun 2024 11:52:04 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Tony Ambardar <tony.ambardar@...il.com>, bpf@...r.kernel.org,
	Alexei Starovoitov <ast@...nel.org>,
	Daniel Borkmann <daniel@...earbox.net>,
	Andrii Nakryiko <andrii@...nel.org>,
	Martin KaFai Lau <martin.lau@...ux.dev>,
	Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>,
	Yonghong Song <yonghong.song@...ux.dev>,
	John Fastabend <john.fastabend@...il.com>,
	KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>,
	Hao Luo <haoluo@...gle.com>, Miguel Ojeda <ojeda@...nel.org>,
	kernel test robot <lkp@...el.com>, stable@...r.kernel.org,
	Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf v2 2/2] bpf: Harden __bpf_kfunc tag against linker
 kfunc removal

On Tue, Jun 25, 2024 at 12:46:48PM +0200, Geert Uytterhoeven wrote:
> 	Hi Tony,
> 
> On Mon, 3 Jun 2024, Tony Ambardar wrote:
> > BPF kfuncs are often not directly referenced and may be inadvertently
> > removed by optimization steps during kernel builds, thus the __bpf_kfunc
> > tag mitigates against this removal by including the __used macro. However,
> > this macro alone does not prevent removal during linking, and may still
> > yield build warnings (e.g. on mips64el):
> > 
> >    LD      vmlinux
> >    BTFIDS  vmlinux
> >  WARN: resolve_btfids: unresolved symbol bpf_verify_pkcs7_signature
> >  WARN: resolve_btfids: unresolved symbol bpf_lookup_user_key
> >  WARN: resolve_btfids: unresolved symbol bpf_lookup_system_key
> >  WARN: resolve_btfids: unresolved symbol bpf_key_put
> >  WARN: resolve_btfids: unresolved symbol bpf_iter_task_next
> >  WARN: resolve_btfids: unresolved symbol bpf_iter_css_task_new
> >  WARN: resolve_btfids: unresolved symbol bpf_get_file_xattr
> >  WARN: resolve_btfids: unresolved symbol bpf_ct_insert_entry
> >  WARN: resolve_btfids: unresolved symbol bpf_cgroup_release
> >  WARN: resolve_btfids: unresolved symbol bpf_cgroup_from_id
> >  WARN: resolve_btfids: unresolved symbol bpf_cgroup_acquire
> >  WARN: resolve_btfids: unresolved symbol bpf_arena_free_pages
> >    NM      System.map
> >    SORTTAB vmlinux
> >    OBJCOPY vmlinux.32
> > 
> > Update the __bpf_kfunc tag to better guard against linker optimization by
> > including the new __retain compiler macro, which fixes the warnings above.
> > 
> > Verify the __retain macro with readelf by checking object flags for 'R':
> > 
> >  $ readelf -Wa kernel/trace/bpf_trace.o
> >  Section Headers:
> >    [Nr]  Name              Type     Address  Off  Size ES Flg Lk Inf Al
> >  ...
> >    [178] .text.bpf_key_put PROGBITS 00000000 6420 0050 00 AXR  0   0  8
> >  ...
> >  Key to Flags:
> >  ...
> >    R (retain), D (mbind), p (processor specific)
> > 
> > Link: https://lore.kernel.org/bpf/ZlmGoT9KiYLZd91S@krava/T/
> > Reported-by: kernel test robot <lkp@...el.com>
> > Closes: https://lore.kernel.org/r/202401211357.OCX9yllM-lkp@intel.com/
> > Fixes: 57e7c169cd6a ("bpf: Add __bpf_kfunc tag for marking kernel functions as kfuncs")
> > Cc: stable@...r.kernel.org # v6.6+
> > Signed-off-by: Tony Ambardar <Tony.Ambardar@...il.com>
> 
> Thanks for your patch, which is now commit 7bdcedd5c8fb88e7
> ("bpf: Harden __bpf_kfunc tag against linker kfunc removal") in
> v6.10-rc5.
> 
> This is causing build failures on ARM with
> CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y:
> 
>     net/core/filter.c:11859:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>     11859 | {
>           | ^
>     net/core/filter.c:11872:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>     11872 | {
>           | ^
>     net/core/filter.c:11885:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>     11885 | {
>           | ^
>     net/core/filter.c:11906:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>     11906 | {
>           | ^
>     net/core/filter.c:12092:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>     12092 | {
>           | ^
>     net/core/xdp.c:713:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>       713 | {
>           | ^
>     net/core/xdp.c:736:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>       736 | {
>           | ^
>     net/core/xdp.c:769:1: error: ‘retain’ attribute ignored [-Werror=attributes]
>       769 | {
>           | ^
>     [...]
> 
> My compiler is arm-linux-gnueabihf-gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04).

hum, so it'd mean __has_attribute(__retain__) returns true while gcc still
ignores the retain attribute.. like in this bug which seems similar:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99587
but not sure how it got fixed.. any chance you can upgrade gcc and retest?

jirka

> 
> > --- a/include/linux/btf.h
> > +++ b/include/linux/btf.h
> > @@ -82,7 +82,7 @@
> >  * as to avoid issues such as the compiler inlining or eliding either a static
> >  * kfunc, or a global kfunc in an LTO build.
> >  */
> > -#define __bpf_kfunc __used noinline
> > +#define __bpf_kfunc __used __retain noinline
> > 
> > #define __bpf_kfunc_start_defs()					       \
> > 	__diag_push();							       \
> 
> Gr{oetje,eeting}s,
> 
> 						Geert
> 
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
> 
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
> 							    -- Linus Torvalds


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ