| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQL6yyRRUc1Xee4HOQ0QXEiqQ7M-xJ109w9aztYH4ZWHmA@mail.gmail.com>
Date: Thu, 28 Nov 2024 10:22:42 -0800
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Marco Elver <elver@...gle.com>
Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>, Song Liu <song@...nel.org>,
Yonghong Song <yonghong.song@...ux.dev>, John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Nikola Grcevski <nikola.grcevski@...fana.com>,
bpf <bpf@...r.kernel.org>,
linux-trace-kernel <linux-trace-kernel@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf-next v3 2/2] bpf: Refactor bpf_tracing_func_proto()
and remove bpf_get_probe_write_proto()
On Wed, Nov 27, 2024 at 6:10 AM Marco Elver <elver@...gle.com> wrote:
>
> With bpf_get_probe_write_proto() no longer printing a message, we can
> avoid it being a special case with its own permission check.
>
> Refactor bpf_tracing_func_proto() similar to bpf_base_func_proto() to
> have a section conditional on bpf_token_capable(CAP_SYS_ADMIN), where
> the proto for bpf_probe_write_user() is returned. Finally, remove the
> unnecessary bpf_get_probe_write_proto().
>
> This simplifies the code, and adding additional CAP_SYS_ADMIN-only
> helpers in future avoids duplicating the same CAP_SYS_ADMIN check.
>
> Suggested-by: Andrii Nakryiko <andrii@...nel.org>
> Signed-off-by: Marco Elver <elver@...gle.com>
> Acked-by: Jiri Olsa <jolsa@...nel.org>
> ---
> v3:
> * Fix where bpf_base_func_proto() is called - it needs to be last,
> because we may override protos (as is e.g. done for
> BPF_FUNC_get_smp_processor_id).
>
> v2:
> * New patch.
> ---
> kernel/trace/bpf_trace.c | 25 +++++++++++++------------
> 1 file changed, 13 insertions(+), 12 deletions(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 0ab56af2e298..9b1d1fa4c06c 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -357,14 +357,6 @@ static const struct bpf_func_proto bpf_probe_write_user_proto = {
> .arg3_type = ARG_CONST_SIZE,
> };
>
> -static const struct bpf_func_proto *bpf_get_probe_write_proto(void)
> -{
> - if (!capable(CAP_SYS_ADMIN))
> - return NULL;
> -
> - return &bpf_probe_write_user_proto;
> -}
> -
> #define MAX_TRACE_PRINTK_VARARGS 3
> #define BPF_TRACE_PRINTK_SIZE 1024
>
> @@ -1458,9 +1450,6 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> return &bpf_perf_event_read_proto;
> case BPF_FUNC_get_prandom_u32:
> return &bpf_get_prandom_u32_proto;
> - case BPF_FUNC_probe_write_user:
> - return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ?
> - NULL : bpf_get_probe_write_proto();
> case BPF_FUNC_probe_read_user:
> return &bpf_probe_read_user_proto;
> case BPF_FUNC_probe_read_kernel:
> @@ -1539,8 +1528,20 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> case BPF_FUNC_trace_vprintk:
> return bpf_get_trace_vprintk_proto();
> default:
> - return bpf_base_func_proto(func_id, prog);
> + break;
> }
> +
> + if (bpf_token_capable(prog->aux->token, CAP_SYS_ADMIN)) {
> + switch (func_id) {
> + case BPF_FUNC_probe_write_user:
> + return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ?
> + NULL : &bpf_probe_write_user_proto;
> + default:
> + break;
> + }
> + }
> +
> + return bpf_base_func_proto(func_id, prog);
Moving bpf_base_func_proto() all the way to the top was incorrect,
but here we can move it just above this bpf_token_capable() check
and remove extra indent like:
func_proto = bpf_base_func_proto();
if (func_proto)
return func_proto;
if (!bpf_token_capable(prog->aux->token, CAP_SYS_ADMIN))
return NULL;
switch (func_id) {
case BPF_FUNC_probe_write_user:
that will align it with the style of bpf_base_func_proto().
pw-bot: cr
Powered by blists - more mailing lists