Open Source and information security mailing list archives
Message-ID: <c7241cc9-2b20-4f32-8ae2-93f40d12fc85@linux.dev>
Date: Fri, 25 Jul 2025 09:05:31 -0700
From: Yonghong Song <yonghong.song@...ux.dev>
To: Sami Tolvanen <samitolvanen@...gle.com>, bpf@...r.kernel.org
Cc: Vadim Fedorenko <vadim.fedorenko@...ux.dev>,
 Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
 <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
 Song Liu <song@...nel.org>, John Fastabend <john.fastabend@...il.com>,
 KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...ichev.me>,
 Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
 Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>,
 Jiri Pirko <jiri@...nulli.us>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next 0/4] Use correct destructor kfunc types



On 7/24/25 3:32 PM, Sami Tolvanen wrote:
> Hi folks,
>
> While running BPF self-tests with CONFIG_CFI_CLANG (Clang Control
> Flow Integrity) enabled, I ran into a couple of CFI failures
> in bpf_obj_free_fields() caused by type mismatches between
> the btf_dtor_kfunc_t function pointer type and the registered
> destructor functions.
>
> It looks like we can't change the argument type for these
> functions to match btf_dtor_kfunc_t because the verifier doesn't
> like void pointer arguments for functions used in BPF programs,
> so this series fixes the issue by adding stubs with correct types
> to use as destructors for each instance of this I found in the
> kernel tree.
>
> The last patch changes btf_check_dtor_kfuncs() to enforce the
> function type when CFI is enabled, so we don't end up registering
> destructors that panic the kernel. Perhaps this is something we
> could enforce even without CONFIG_CFI_CLANG?

I tried your patch set on top of latest bpf-next. The problem
still exists with the following error:

[   71.976265] CFI failure at bpf_obj_free_fields+0x298/0x620 (target: __bpf_crypto_ctx_release+0x0/0x10; expected type: 0xc1113566)
[   71.980134] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
...


The following are the CFI-related config items:

$ grep CFI .config
CONFIG_CFI_AUTO_DEFAULT=y
CONFIG_FUNCTION_PADDING_CFI=11
CONFIG_ARCH_SUPPORTS_CFI_CLANG=y
CONFIG_ARCH_USES_CFI_TRAPS=y
CONFIG_CFI_CLANG=y
# CONFIG_CFI_ICALL_NORMALIZE_INTEGERS is not set
CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS_CLANG=y
CONFIG_HAVE_CFI_ICALL_NORMALIZE_INTEGERS_RUSTC=y
# CONFIG_CFI_PERMISSIVE is not set

Did I miss anything?

>
> Sami
>
> ---
>
> Sami Tolvanen (4):
>    bpf: crypto: Use the correct destructor kfunc type
>    bpf: net_sched: Use the correct destructor kfunc type
>    selftests/bpf: Use the correct destructor kfunc type
>    bpf, btf: Enforce destructor kfunc type with CFI
>
>   kernel/bpf/btf.c                                     | 7 +++++++
>   kernel/bpf/crypto.c                                  | 7 ++++++-
>   net/sched/bpf_qdisc.c                                | 7 ++++++-
>   tools/testing/selftests/bpf/test_kmods/bpf_testmod.c | 7 ++++++-
>   4 files changed, 25 insertions(+), 3 deletions(-)
>
>
> base-commit: 95993dc3039e29dabb9a50d074145d4cb757b08b
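
The stub approach described in the quoted cover letter, sketched in userspace C as an added example (not code from the patch series or the kernel). `dtor_fn_t` is assumed to have the same shape as `btf_dtor_kfunc_t`; `demo_ctx`, `demo_ctx_release`, `REGISTER_DTOR` and the other names are hypothetical, and the mismatch that kernel CFI traps at the indirect call is rejected here at compile time instead.

```c
#include <stdio.h>

/* Assumed shape of the kernel's btf_dtor_kfunc_t: void (*)(void *). */
typedef void (*dtor_fn_t)(void *);

/* Constructed stand-in for a refcounted kernel object. */
struct demo_ctx { int refs; int released; };

/* Typed release function, declared the way a BPF-callable kfunc would be. */
void demo_ctx_release(struct demo_ctx *ctx)
{
	if (--ctx->refs == 0)
		ctx->released = 1;
}

/* Stub whose type matches dtor_fn_t exactly: a valid indirect-call target. */
void demo_ctx_release_dtor(void *obj)
{
	demo_ctx_release(obj);
}

/* Evaluates to 1 only when fn has exactly the dtor_fn_t function type. */
#define DTOR_TYPE_OK(fn) \
	__builtin_types_compatible_p(__typeof__(&(fn)), dtor_fn_t)

struct dtor_slot { dtor_fn_t fn; };

/* Registration that refuses a mismatched function at build time, so no
 * cast can hide a destructor that CFI would later trap on. */
#define REGISTER_DTOR(slot, func) do { \
	_Static_assert(DTOR_TYPE_OK(func), "destructor type mismatch"); \
	(slot)->fn = (func); } while (0)

/* Analogue of the indirect destructor call in bpf_obj_free_fields(). */
int free_field(struct dtor_slot *slot, struct demo_ctx *obj)
{
	slot->fn(obj);
	return obj->released;
}

int demo(void)
{
	struct demo_ctx c = { .refs = 1, .released = 0 };
	struct dtor_slot slot;
	REGISTER_DTOR(&slot, demo_ctx_release_dtor);
	return free_field(&slot, &c);
}

int main(void) { printf("released=%d\n", demo()); return 0; }
```

Passing `demo_ctx_release` to `REGISTER_DTOR` fails the static assertion, which is the class of registration the last patch in the series is described as rejecting.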

