lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <A8A5C206-CEAA-472B-A2BE-99D3E8940159@fb.com>
Date: Thu, 19 Dec 2024 06:59:44 +0000
From: Song Liu <songliubraving@...a.com>
To: Alexei Starovoitov <alexei.starovoitov@...il.com>
CC: Song Liu <songliubraving@...a.com>, Song Liu <song@...nel.org>,
        bpf
	<bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>,
        LSM List
	<linux-security-module@...r.kernel.org>,
        Kernel Team <kernel-team@...a.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau
	<martin.lau@...ux.dev>,
        KP Singh <kpsingh@...nel.org>,
        Matt Bobrowski
	<mattbobrowski@...gle.com>,
        Paul Moore <paul@...l-moore.com>, James Morris
	<jmorris@...ei.org>,
        "Serge E . Hallyn" <serge@...lyn.com>,
        Kumar Kartikeya
 Dwivedi <memxor@...il.com>
Subject: Re: [PATCH v5 bpf-next 4/5] bpf: fs/xattr: Add BPF kfuncs to set and
 remove xattrs


> On Dec 18, 2024, at 4:17 PM, Alexei Starovoitov <alexei.starovoitov@...il.com> wrote:

[...]

>>> This part is not necessary.
>>> _locked() shouldn't be exposed and it should be an error
>>> if bpf prog attempts to use invalid kfunc.
>> 
>> I was implementing this in different way than the solution you and Kumar
>> suggested. Instead of updating this in add_kfunc_call, check_kfunc_call,
>> and fixup_kfunc_call, remap_kfunc_locked_func_id happens before
>> add_kfunc_call. Then, for the rest of the process, the verifier handles
>> _locked version and not _locked version as two different kfuncs. This is
>> why we need the _locked version in bpf_fs_kfunc_set_ids. I personally
>> think this approach is a lot cleaner.
> 
> I see. Blind rewrite in add_kfunc_call() looks simpler,
> but allowing progs call _locked() version directly is not clean.

Agreed. 

> 
> See specialize_kfunc() as an existing approach that does polymorphism.
> 
> _locked() doesn't need to be __bpf_kfunc annotated.
> It can be just like bpf_dynptr_from_skb_rdonly.

I am thinking about a more modular approach. Instead of pushing the
polymorphism logic to verifer.c, we can have each btf_kfunc_id_set 
handle the remap of its kfuncs. Specifically, we can extend 
btf_kfunc_id_set as:

typedef u32 (*btf_kfunc_remap_t)(const struct bpf_prog *prog, u32 kfunc_id);

struct btf_kfunc_id_set {
        struct module *owner;
        struct btf_id_set8 *set;
        /* hidden_set contains kfuncs that are not marked as kfunc in
         * vmlinux.h. These kfuncs are usually a variation of a kfunc
         * in @set.
         */
        struct btf_id_set8 *hidden_set;
        btf_kfunc_filter_t filter;
        /* @remap method matches kfuncs in @set to proper version in
         * @hidden_set.
         */
        btf_kfunc_remap_t remap;
};

In this case, not_locked version of kfuncs will be added to @set;
while _locked kfuncs will be added to @hidden_set. @hidden_set 
will not be exposed in vmlinux.h. Then the new remap method is 
used to map not_locked kfuncs to _locked kfuncs for inode-locked 
context. 

We can also move bpf_dynptr_from_skb_rdonly to this model, and 
simplify specialize_kfunc(). 

I will send patch for this version for review. 

Thanks,
Song

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ