| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7540678e9a46c13f680f2aacab28bb88446583f5.1744169424.git.dxu@dxuuu.xyz>
Date: Tue, 8 Apr 2025 21:34:05 -0600
From: Daniel Xu <dxu@...uu.xyz>
To: andrii@...nel.org,
ast@...nel.org,
daniel@...earbox.net
Cc: john.fastabend@...il.com,
martin.lau@...ux.dev,
eddyz87@...il.com,
song@...nel.org,
yonghong.song@...ux.dev,
kpsingh@...nel.org,
sdf@...ichev.me,
haoluo@...gle.com,
jolsa@...nel.org,
bpf@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [RFC bpf-next 10/13] bpf: verifier: Add indirection to kallsyms_lookup_name()
kallsyms_lookup_name() cannot be exported from the kernel for policy
reasons, so add this layer of indirection to allow the verifier to still
do kfunc and global variable relocations.
Signed-off-by: Daniel Xu <dxu@...uu.xyz>
---
include/linux/bpf.h | 2 ++
kernel/bpf/core.c | 14 ++++++++++++++
kernel/bpf/verifier.c | 13 +++++--------
3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 44133727820d..a5806a7b31d3 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2797,6 +2797,8 @@ static inline int kfunc_desc_cmp_by_id_off(const void *a, const void *b)
}
const struct bpf_kfunc_desc *
find_kfunc_desc(const struct bpf_prog *prog, u32 func_id, u16 offset);
+unsigned long bpf_lookup_type_addr(struct btf *btf, const struct btf_type *func,
+ const char **name);
int bpf_get_kfunc_addr(const struct bpf_prog *prog, u32 func_id,
u16 btf_fd_idx, u8 **func_addr);
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index e892e469061e..13301a668fe0 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -1639,6 +1639,20 @@ find_kfunc_desc(const struct bpf_prog *prog, u32 func_id, u16 offset)
}
EXPORT_SYMBOL_GPL(find_kfunc_desc);
+unsigned long bpf_lookup_type_addr(struct btf *btf, const struct btf_type *t,
+ const char **name)
+{
+ unsigned long addr;
+
+ *name = btf_name_by_offset(btf, t->name_off);
+ addr = kallsyms_lookup_name(*name);
+ if (!addr)
+ return -ENOENT;
+
+ return addr;
+}
+EXPORT_SYMBOL_GPL(bpf_lookup_type_addr);
+
int bpf_get_kfunc_addr(const struct bpf_prog *prog, u32 func_id,
u16 btf_fd_idx, u8 **func_addr)
{
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7e84df2abe41..080cc380e806 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3131,11 +3131,9 @@ static int add_kfunc_call(struct bpf_verifier_env *env, u32 func_id, s16 offset)
return -EINVAL;
}
- func_name = btf_name_by_offset(desc_btf, func->name_off);
- addr = kallsyms_lookup_name(func_name);
- if (!addr) {
- verbose(env, "cannot find address for kernel function %s\n",
- func_name);
+ addr = bpf_lookup_type_addr(desc_btf, func, &func_name);
+ if (addr < 0) {
+ verbose(env, "cannot find address for kernel function %s\n", func_name);
return -EINVAL;
}
specialize_kfunc(env, func_id, offset, &addr);
@@ -19707,9 +19705,8 @@ static int __check_pseudo_btf_id(struct bpf_verifier_env *env,
return -EINVAL;
}
- sym_name = btf_name_by_offset(btf, t->name_off);
- addr = kallsyms_lookup_name(sym_name);
- if (!addr) {
+ addr = bpf_lookup_type_addr(btf, t, &sym_name);
+ if (addr < 0) {
verbose(env, "ldimm64 failed to find the address for kernel symbol '%s'.\n",
sym_name);
return -ENOENT;
--
2.47.1
Powered by blists - more mailing lists