lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4cabeaa5-0a6f-4be0-89c8-b7d0552b0dd0@oracle.com>
Date: Wed, 30 Apr 2025 18:57:14 +0100
From: Alan Maguire <alan.maguire@...cle.com>
To: Tao Chen <chen.dylane@...ux.dev>, ast@...nel.org, daniel@...earbox.net,
        john.fastabend@...il.com, andrii@...nel.org, martin.lau@...ux.dev,
        eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev,
        kpsingh@...nel.org, sdf@...ichev.me, haoluo@...gle.com,
        jolsa@...nel.org
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH bpf-next 2/2] bpf: Get fentry func addr from user when
 BTF info invalid

On 30/04/2025 17:46, Tao Chen wrote:
> If kernel function optimized by the compiler, the function name in
> kallsyms will have suffix like ".isra.0" or others. And fentry uses
> function name from BTF to find the function address in kallsyms, in this
> situation, it will fail due to the inconsistency of function names.
> If so, try to use the function address passed from the user.
> 
> Signed-off-by: Tao Chen <chen.dylane@...ux.dev>
> ---
>  include/linux/bpf.h      | 1 +
>  include/uapi/linux/bpf.h | 1 +
>  kernel/bpf/syscall.c     | 1 +
>  kernel/bpf/verifier.c    | 9 +++++++++
>  4 files changed, 12 insertions(+)
> 
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 3f0cc89c06..fd53d1817f 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -1626,6 +1626,7 @@ struct bpf_prog_aux {
>  		struct work_struct work;
>  		struct rcu_head	rcu;
>  	};
> +	u64 fentry_func;
>  };
>  
>  struct bpf_prog {
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 07ee73cdf9..7016e47a70 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -1577,6 +1577,7 @@ union bpf_attr {
>  		 * If provided, prog_flags should have BPF_F_TOKEN_FD flag set.
>  		 */
>  		__s32		prog_token_fd;
> +		__aligned_u64	fentry_func;

since it can be used for fentry/fexit (I think from below?) might be
clearer to call it attach_func_addr or similar.

>  		/* The fd_array_cnt can be used to pass the length of the
>  		 * fd_array array. In this case all the [map] file descriptors
>  		 * passed in this array will be bound to the program, even if
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 9794446bc8..6c1e3572cc 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2892,6 +2892,7 @@ static int bpf_prog_load(union bpf_attr *attr, bpfptr_t uattr, u32 uattr_size)
>  	prog->sleepable = !!(attr->prog_flags & BPF_F_SLEEPABLE);
>  	prog->aux->attach_btf = attach_btf;
>  	prog->aux->attach_btf_id = attr->attach_btf_id;
> +	prog->aux->fentry_func = attr->fentry_func;
>  	prog->aux->dst_prog = dst_prog;
>  	prog->aux->dev_bound = !!attr->prog_ifindex;
>  	prog->aux->xdp_has_frags = attr->prog_flags & BPF_F_XDP_HAS_FRAGS;
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 54c6953a8b..507c281ddc 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -23304,6 +23304,15 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
>  			} else {
>  				addr = kallsyms_lookup_name(tname);
>  			}
> +
> +			if (!addr && (prog->expected_attach_type == BPF_TRACE_FENTRY ||
> +					prog->expected_attach_type == BPF_TRACE_FEXIT)) {
> +				fname = kallsyms_lookup((unsigned long)prog->aux->fentry_func,
> +							NULL, NULL, NULL, trace_symbol);
> +				if (fname)
> +					addr = (long)prog->aux->fentry_func;


We should do some validation that the fname we get back matches the BTF
func name prefix (fname "foo.isra.0" matches "foo") I think?

> +			}
> +
>  			if (!addr) {
>  				module_put(mod);
>  				bpf_log(log,


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ