lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4BzbUSQdYqce+gyjO7-VSrF45nqXuLBMU6qRd63LHD+-JLg@mail.gmail.com>
Date:   Fri, 4 Oct 2019 08:07:40 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Alexei Starovoitov <ast@...com>
Cc:     John Fastabend <john.fastabend@...il.com>,
        Andrii Nakryiko <andriin@...com>, bpf <bpf@...r.kernel.org>,
        Networking <netdev@...r.kernel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH bpf-next 1/2] libbpf: stop enforcing kern_version,
 populate it for users

On Fri, Oct 4, 2019 at 7:36 AM Alexei Starovoitov <ast@...com> wrote:
>
> On 10/4/19 7:32 AM, Andrii Nakryiko wrote:
> >> If we are not going to validate the section should we also skip collect'ing it?
> > Well, if user supplied version, we will parse and use it to override
> > out prepopulated one, so in that sense we do have validation.
> >
> > But I think it's fine just to drop it altogether. Will do in v3.
> >
>
> what about older kernel that still enforce it?
> May be populate it in bpf_attr while loading, but
> don't check it in elf from libbpf?

That's what my change does. I pre-populate correct kernel version in
bpf_object->kern_version from uname(). If ELF has "version" section,
we still parse it and override bpf_object->kern_version.
bpf_object->kern_version then is always specified as part of
bpf_prog_load->kern_version.

So what we are discussing here is to not even look at user-provided
version, but just always specify correct current kernel version. So I
don't think we are going to break anything, except we might allow to
pass some programs that were failing before due to unspecified or zero
version.

So with that, do you think it's ok to get rid of version section altogether?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ