Message-ID: <5d7d1ff3-14cd-4c18-a180-3c99e784bbeb@linux.dev>
Date: Fri, 25 Jul 2025 16:42:29 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Sami Tolvanen <samitolvanen@...gle.com>, bpf@...r.kernel.org
Cc: Vadim Fedorenko <vadim.fedorenko@...ux.dev>,
 Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
 <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
 Song Liu <song@...nel.org>, John Fastabend <john.fastabend@...il.com>,
 KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>,
 Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
 Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>,
 Jiri Pirko <jiri@...nulli.us>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 0/4] Use correct destructor kfunc types



On 7/25/25 2:44 PM, Sami Tolvanen wrote:
> Hi folks,
>
> While running BPF self-tests with CONFIG_CFI_CLANG (Clang Control
> Flow Integrity) enabled, I ran into a couple of CFI failures
> in bpf_obj_free_fields() caused by type mismatches between
> the btf_dtor_kfunc_t function pointer type and the registered
> destructor functions.
>
> It looks like we can't change the argument type for these
> functions to match btf_dtor_kfunc_t because the verifier doesn't
> like void pointer arguments for functions used in BPF programs,
> so this series fixes the issue by adding stubs with correct types
> to use as destructors for each instance of this I found in the
> kernel tree.
>
> The last patch changes btf_check_dtor_kfuncs() to enforce the
> function type when CFI is enabled, so we don't end up registering
> destructors that panic the kernel. Perhaps this is something we
> could enforce even without CONFIG_CFI_CLANG?
>
> Sami
>
> ---
> v2:
> - Annotated the stubs with CFI_NOSEAL to fix issues with IBT
>    sealing on x86.
> - Changed __bpf_kfunc to explicit __used __retain.
>
> v1: https://lore.kernel.org/bpf/20250724223225.1481960-6-samitolvanen@google.com/
>
> ---
> Sami Tolvanen (4):
>    bpf: crypto: Use the correct destructor kfunc type
>    bpf: net_sched: Use the correct destructor kfunc type
>    selftests/bpf: Use the correct destructor kfunc type
>    bpf, btf: Enforce destructor kfunc type with CFI
>
>   kernel/bpf/btf.c                                     | 7 +++++++
>   kernel/bpf/crypto.c                                  | 9 ++++++++-
>   net/sched/bpf_qdisc.c                                | 9 ++++++++-
>   tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 9 ++++++++-
>   4 files changed, 31 insertions(+), 3 deletions(-)
>
>
> base-commit: 95993dc3039e29dabb9a50d074145d4cb757b08b

With this patch set and no CONFIG_CFI_CLANG in .config,
the bpf selftests work okay. In bpf ci, CONFIG_CFI_CLANG
is not enabled.

But if CONFIG_CFI_CLANG is enabled, this patch set fixed
the ./test_progs run issue, but there are some test failures
like

===
test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000d581 - ffffffffa000d558 > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/186  btf/line_info (No subprog):FAIL

test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000dee5 - ffffffffa000debc > 39
processed 4 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
#32/189  btf/line_info (No subprog. zero tailing line_info:FAIL

...

test_get_linfo:FAIL:check jited_linfo[1]:ffffffffa000e069 - ffffffffa000e040 > 38
processed 9 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 0
#32/202  btf/line_info (dead subprog + dead start w/ move):FAIL
#32      btf:FAIL
===

The failure is probably not related to this patch, but rather related
to CONFIG_CFI_CLANG itself. I will debug this separately.
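
A userspace model of the type mismatch and the stub fix described in the quoted cover letter, added here as an illustration and not taken from the patch series or from either author. `struct demo_ctx`, the `demo_*` functions, the type tags and `register_dtor()` are hypothetical; the integer tags only stand in for the function type that CFI checks at an indirect call.

```c
#include <stddef.h>
#include <stdio.h>

/* Same shape as the kernel's btf_dtor_kfunc_t: destructors are called as void (*)(void *). */
typedef void (*btf_dtor_kfunc_t)(void *);

/* Hypothetical refcounted object standing in for a kernel object stored in a BPF map. */
struct demo_ctx { int refcnt; };

/* Typed release function as BPF programs see it: takes struct demo_ctx *, not void *. */
void demo_ctx_release(struct demo_ctx *ctx) { ctx->refcnt--; }

/* Stub with exactly the btf_dtor_kfunc_t signature; this is what gets registered. */
void demo_ctx_release_dtor(void *ctx) { demo_ctx_release(ctx); }

/* Toy tags (assumption): the compiler derives the real type identity, not the caller. */
enum { TYPE_VOID_VOIDP = 1, TYPE_VOID_CTXP = 2 };

struct dtor_entry { int type_tag; btf_dtor_kfunc_t fn; };
static struct dtor_entry dtor_table[4];
static size_t dtor_count;

/* Model of registration-time enforcement: refuse anything not typed void (*)(void *). */
int register_dtor(int type_tag, btf_dtor_kfunc_t fn)
{
    if (type_tag != TYPE_VOID_VOIDP || dtor_count == 4)
        return -1;
    dtor_table[dtor_count++] = (struct dtor_entry){ type_tag, fn };
    return 0;
}

/* Model of the indirect call site: every destructor is invoked through btf_dtor_kfunc_t. */
void free_fields(void *obj)
{
    for (size_t i = 0; i < dtor_count; i++)
        dtor_table[i].fn(obj);
}

int main(void)
{
    struct demo_ctx ctx = { .refcnt = 1 };
    /* The typed function only fits via a cast; calling it as void (*)(void *) would trip CFI. */
    int bad = register_dtor(TYPE_VOID_CTXP, (btf_dtor_kfunc_t)demo_ctx_release);
    int good = register_dtor(TYPE_VOID_VOIDP, demo_ctx_release_dtor);
    free_fields(&ctx);
    printf("bad=%d good=%d refcnt=%d\n", bad, good, ctx.refcnt);
    return 0;
}
```

Rejecting the mismatched pointer at registration means the failure surfaces when the destructor is registered rather than as a CFI trap when an object is later freed.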

