lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Mar 2018 17:51:55 -0700 From: Alexei Starovoitov <ast@...com> To: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> CC: rostedt <rostedt@...dmis.org>, "David S. Miller" <davem@...emloft.net>, Daniel Borkmann <daniel@...earbox.net>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>, netdev <netdev@...r.kernel.org>, kernel-team <kernel-team@...com>, linux-api <linux-api@...r.kernel.org>, Kees Cook <keescook@...omium.org> Subject: Re: [PATCH v6 bpf-next 08/11] bpf: introduce BPF_RAW_TRACEPOINT On 3/27/18 5:44 PM, Mathieu Desnoyers wrote: > ----- On Mar 27, 2018, at 8:00 PM, Alexei Starovoitov ast@...com wrote: > >> On 3/27/18 4:13 PM, Mathieu Desnoyers wrote: >>> ----- On Mar 27, 2018, at 6:48 PM, Alexei Starovoitov ast@...com wrote: >>> >>>> On 3/27/18 2:04 PM, Steven Rostedt wrote: >>>>> >>>>> +#ifdef CONFIG_BPF_EVENTS >>>>> +#define BPF_RAW_TP() . = ALIGN(8); \ >>> >>> Given that the section consists of a 16-bytes structure elements >>> on architectures with 8 bytes pointers, this ". = ALIGN(8)" should >>> be turned into a STRUCT_ALIGN(), especially given that the compiler >>> is free to up-align the structure on 32 bytes. >> >> STRUCT_ALIGN fixed the 'off by 8' issue with kasan, >> but it fails without kasan too. >> For some reason the whole region __start__bpf_raw_tp - __stop__bpf_raw_tp >> comes inited with cccc: >> [ 22.703562] i 1 btp ffffffff8288e530 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.704638] i 2 btp ffffffff8288e540 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.705599] i 3 btp ffffffff8288e550 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.706551] i 4 btp ffffffff8288e560 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.707503] i 5 btp ffffffff8288e570 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.708452] i 6 btp ffffffff8288e580 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.709406] i 7 btp ffffffff8288e590 btp->tp cccccccccccccccc func >> cccccccccccccccc >> [ 22.710368] i 8 btp ffffffff8288e5a0 btp->tp cccccccccccccccc func >> cccccccccccccccc >> >> while gdb shows that everything is good inside vmlinux >> for exactly these addresses. >> Some other linker magic missing? > > No, Steven's iteration code is incorrect. > > +extern struct bpf_raw_event_map __start__bpf_raw_tp; > +extern struct bpf_raw_event_map __stop__bpf_raw_tp; > > That should be: > > extern struct bpf_raw_event_map __start__bpf_raw_tp[]; > extern struct bpf_raw_event_map __stop__bpf_raw_tp[]; > > > + > +struct bpf_raw_event_map *bpf_find_raw_tracepoint(const char *name) > +{ > + const struct bpf_raw_event_map *btp = &__start__bpf_raw_tp; > > const struct bpf_raw_event_map *btp = __start__bpf_raw_tp; > > + int i = 0; > + > + for (; btp < &__stop__bpf_raw_tp; btp++) { > > for (; btp < __stop__bpf_raw_tp; btp++) { > > Those start/stop symbols are given their address by the linker > automatically (this is a GNU linker extension). We don't want > pointers to the symbols, but rather the symbols per se to act > as start/stop addresses. right. that part I fixed first. Turned out it was in init.data section and got poisoned. this fixes it: @@ -258,6 +258,7 @@ LIKELY_PROFILE() \ BRANCH_PROFILE() \ TRACE_PRINTKS() \ + BPF_RAW_TP() \ TRACEPOINT_STR() /* @@ -585,7 +586,6 @@ *(.init.rodata) \ FTRACE_EVENTS() \ TRACE_SYSCALLS() \ - BPF_RAW_TP() \ KPROBE_BLACKLIST() \ ERROR_INJECT_WHITELIST() \ MEM_DISCARD(init.rodata) \ and it works :) I will clean few other nits I found while debugging and respin.
Powered by blists - more mailing lists