netdev - Re: [PATCH bpf-next 2/3] bpf: emit RECORD_MMAP events for bpf prog load/unload

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <F4C210DE-F80F-4107-98A5-D74652F0E449@fb.com>
Date:   Thu, 20 Sep 2018 05:48:26 +0000
From:   Song Liu <songliubraving@...com>
To:     Alexei Starovoitov <ast@...com>
CC:     Alexei Starovoitov <ast@...nel.org>,
        "David S . Miller" <davem@...emloft.net>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "peterz@...radead.org" <peterz@...radead.org>,
        "acme@...nel.org" <acme@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "Kernel Team" <Kernel-team@...com>
Subject: Re: [PATCH bpf-next 2/3] bpf: emit RECORD_MMAP events for bpf prog
 load/unload



> On Sep 19, 2018, at 5:59 PM, Alexei Starovoitov <ast@...com> wrote:
> 
> On 9/19/18 4:44 PM, Song Liu wrote:
>> 
>> 
>>> On Sep 19, 2018, at 3:39 PM, Alexei Starovoitov <ast@...nel.org> wrote:
>>> 
>>> use perf_event_mmap_bpf_prog() helper to notify user space
>>> about JITed bpf programs.
>>> Use RECORD_MMAP perf event to tell user space where JITed bpf program was loaded.
>>> Use empty program name as unload indication.
>>> 
>>> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
>>> ---
>>> kernel/bpf/core.c | 22 ++++++++++++++++++++--
>>> 1 file changed, 20 insertions(+), 2 deletions(-)
>>> 
>>> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
>>> index 3f5bf1af0826..ddf11fdafd36 100644
>>> --- a/kernel/bpf/core.c
>>> +++ b/kernel/bpf/core.c
>>> @@ -384,7 +384,7 @@ bpf_get_prog_addr_region(const struct bpf_prog *prog,
>>> 	*symbol_end   = addr + hdr->pages * PAGE_SIZE;
>>> }
>>> 
>>> -static void bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
>>> +static char *bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
>>> {
>>> 	const char *end = sym + KSYM_NAME_LEN;
>>> 
>>> @@ -402,9 +402,10 @@ static void bpf_get_prog_name(const struct bpf_prog *prog, char *sym)
>>> 	sym += snprintf(sym, KSYM_NAME_LEN, "bpf_prog_");
>>> 	sym  = bin2hex(sym, prog->tag, sizeof(prog->tag));
>>> 	if (prog->aux->name[0])
>>> -		snprintf(sym, (size_t)(end - sym), "_%s", prog->aux->name);
>>> +		sym += snprintf(sym, (size_t)(end - sym), "_%s", prog->aux->name);
>>> 	else
>>> 		*sym = 0;
>>> +	return sym;
>>> }
>>> 
>>> static __always_inline unsigned long
>>> @@ -480,23 +481,40 @@ static bool bpf_prog_kallsyms_verify_off(const struct bpf_prog *fp)
>>> 
>>> void bpf_prog_kallsyms_add(struct bpf_prog *fp)
>>> {
>>> +	unsigned long symbol_start, symbol_end;
>>> +	char buf[KSYM_NAME_LEN], *sym;
>>> +
>>> 	if (!bpf_prog_kallsyms_candidate(fp) ||
>>> 	    !capable(CAP_SYS_ADMIN))
>>> 		return;
>>> 
>>> +	bpf_get_prog_addr_region(fp, &symbol_start, &symbol_end);
>>> +	sym = bpf_get_prog_name(fp, buf);
>>> +	sym++; /* sym - buf is the length of the name including trailing 0 */
>>> +	while (!IS_ALIGNED(sym - buf, sizeof(u64)))
>>> +		*sym++ = 0;
>> 
>> nit: This logic feels a little weird to me. How about we wrap the extra logic
>> in a separate function:
>> 
>> size_t bpf_get_prog_name_u64_aligned(const struct bpf_prog fp, char *buf)
> 
> probably bpf_get_prog_name_u64_padded() ?
> would be cleaner indeed.

bpf_get_prog_name_u64_padded does sound better. 

> Will send v2 once Peter and Arnaldo provide their feedback.
> 
> Thanks for reviewing!