lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250223062735.3341-1-laoar.shao@gmail.com>
Date: Sun, 23 Feb 2025 14:27:32 +0800
From: Yafang Shao <laoar.shao@...il.com>
To: ast@...nel.org,
	daniel@...earbox.net,
	andrii@...nel.org,
	martin.lau@...ux.dev,
	eddyz87@...il.com,
	song@...nel.org,
	yonghong.song@...ux.dev,
	john.fastabend@...il.com,
	kpsingh@...nel.org,
	sdf@...ichev.me,
	haoluo@...gle.com,
	jolsa@...nel.org,
	jpoimboe@...nel.org,
	peterz@...radead.org
Cc: bpf@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Yafang Shao <laoar.shao@...il.com>
Subject: [PATCH v2 bpf-next 0/3] bpf: Reject attaching fexit to __noreturn functions

Attaching fexit probes to functions marked with __noreturn may lead to
unpredictable behavior. To avoid this, we will reject attaching probes to
such functions. Currently, there is no ideal solution, so we will hardcode
a check for all __noreturn functions. Since objtool already handles
this, we will leverage its implementation.

Once a more robust solution is found, this workaround can be removed.

v1->v2:
- keep tools/objtool/noreturns.h as is (Josh)
- Add noreturns.h to objtool/sync-check.sh (Josh)
- Add verbose for the reject and simplify the test case (Song)

v1: https://lore.kernel.org/bpf/20250211023359.1570-1-laoar.shao@gmail.com/

Yafang Shao (3):
  objtool: Copy noreturns.h to include/linux
  bpf: Reject attaching fexit to functions annotated with __noreturn
  selftests/bpf: Add selftest for attaching fexit to __noreturn
    functions

 include/linux/noreturns.h                     | 52 +++++++++++++++++++
 kernel/bpf/verifier.c                         | 11 ++++
 tools/objtool/Documentation/objtool.txt       |  3 +-
 tools/objtool/sync-check.sh                   |  2 +
 .../bpf/prog_tests/fexit_noreturns.c          |  9 ++++
 .../selftests/bpf/progs/fexit_noreturns.c     | 15 ++++++
 6 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 include/linux/noreturns.h
 create mode 100644 tools/testing/selftests/bpf/prog_tests/fexit_noreturns.c
 create mode 100644 tools/testing/selftests/bpf/progs/fexit_noreturns.c

-- 
2.43.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ