| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FB6EC86-700C-4C80-A467-55B6753B07FE@fb.com>
Date: Wed, 19 Sep 2018 23:44:19 +0000
From: Song Liu <songliubraving@...com>
To: Alexei Starovoitov <ast@...nel.org>
CC: "David S . Miller" <davem@...emloft.net>,
"daniel@...earbox.net" <daniel@...earbox.net>,
"peterz@...radead.org" <peterz@...radead.org>,
"acme@...nel.org" <acme@...nel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH bpf-next 2/3] bpf: emit RECORD_MMAP events for bpf prog
load/unload
> On Sep 19, 2018, at 3:39 PM, Alexei Starovoitov <ast@...nel.org> wrote:
>
> use perf_event_mmap_bpf_prog() helper to notify user space
> about JITed bpf programs.
> Use RECORD_MMAP perf event to tell user space where JITed bpf program was loaded.
> Use empty program name as unload indication.
>
> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
> ---
> kernel/bpf/core.c | 22 ++++++++++++++++++++--
> 1 file changed, 20 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> index 3f5bf1af0826..ddf11fdafd36 100644
> --- a/kernel/bpf/core.c
> +++ b/kernel/bpf/core.c
> @@ -384,7 +384,7 @@ bpf_get_prog_addr_region(const struct bpf_prog *prog,
> *symbol_end = addr + hdr->pages * PAGE_SIZE;
> }
>
> -static void bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
> +static char *bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
> {
> const char *end = sym + KSYM_NAME_LEN;
>
> @@ -402,9 +402,10 @@ static void bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
> sym += snprintf(sym, KSYM_NAME_LEN, "bpf_prog_");
> sym = bin2hex(sym, prog->tag, sizeof(prog->tag));
> if (prog->aux->name[0])
> - snprintf(sym, (size_t)(end - sym), "_%s", prog->aux->name);
> + sym += snprintf(sym, (size_t)(end - sym), "_%s", prog->aux->name);
> else
> *sym = 0;
> + return sym;
> }
>
> static __always_inline unsigned long
> @@ -480,23 +481,40 @@ static bool bpf_prog_kallsyms_verify_off(const struct bpf_prog *fp)
>
> void bpf_prog_kallsyms_add(struct bpf_prog *fp)
> {
> + unsigned long symbol_start, symbol_end;
> + char buf[KSYM_NAME_LEN], *sym;
> +
> if (!bpf_prog_kallsyms_candidate(fp) ||
> !capable(CAP_SYS_ADMIN))
> return;
>
> + bpf_get_prog_addr_region(fp, &symbol_start, &symbol_end);
> + sym = bpf_get_prog_name(fp, buf);
> + sym++; /* sym - buf is the length of the name including trailing 0 */
> + while (!IS_ALIGNED(sym - buf, sizeof(u64)))
> + *sym++ = 0;
nit: This logic feels a little weird to me. How about we wrap the extra logic
in a separate function:
size_t bpf_get_prog_name_u64_aligned(const struct bpf_prog fp, char *buf)
where the return value is the u64 aligned size.
Other than this
Acked-by: Song Liu <songliubraving@...com>
> spin_lock_bh(&bpf_lock);
> bpf_prog_ksym_node_add(fp->aux);
> spin_unlock_bh(&bpf_lock);
> + perf_event_mmap_bpf_prog(symbol_start, symbol_end - symbol_start,
> + buf, sym - buf);
> }
>
> void bpf_prog_kallsyms_del(struct bpf_prog *fp)
> {
> + unsigned long symbol_start, symbol_end;
> + /* mmap_record.filename cannot be NULL and has to be u64 aligned */
> + char buf[sizeof(u64)] = {};
> +
> if (!bpf_prog_kallsyms_candidate(fp))
> return;
>
> spin_lock_bh(&bpf_lock);
> bpf_prog_ksym_node_del(fp->aux);
> spin_unlock_bh(&bpf_lock);
> + bpf_get_prog_addr_region(fp, &symbol_start, &symbol_end);
> + perf_event_mmap_bpf_prog(symbol_start, symbol_end - symbol_start,
> + buf, sizeof(buf));
> }
>
> static struct bpf_prog *bpf_prog_kallsyms_find(unsigned long addr)
> --
> 2.17.1
>
Powered by blists - more mailing lists