lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <832aa9b3-8c7a-6304-ad09-e825a1c72e3a@fb.com>
Date:   Wed, 9 Oct 2019 19:38:17 +0000
From:   Alexei Starovoitov <ast@...com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Alexei Starovoitov <ast@...nel.org>
CC:     "David S. Miller" <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        "x86@...nel.org" <x86@...nel.org>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH bpf-next 09/10] bpf: disallow bpf_probe_read[_str] helpers

On 10/8/19 10:29 PM, Andrii Nakryiko wrote:
> On Fri, Oct 4, 2019 at 10:04 PM Alexei Starovoitov <ast@...nel.org> wrote:
>>
>> Disallow bpf_probe_read() and bpf_probe_read_str() helpers in
>> raw_tracepoint bpf programs that use in-kernel BTF to track
>> types of memory accesses.
>>
>> Signed-off-by: Alexei Starovoitov <ast@...nel.org>
>> ---
>>   kernel/trace/bpf_trace.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
>> index 52f7e9d8c29b..7c607f79f1bb 100644
>> --- a/kernel/trace/bpf_trace.c
>> +++ b/kernel/trace/bpf_trace.c
>> @@ -700,6 +700,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
>>          case BPF_FUNC_map_peek_elem:
>>                  return &bpf_map_peek_elem_proto;
>>          case BPF_FUNC_probe_read:
>> +               if (prog->expected_attach_type)
>> +                       return NULL;
> 
> This can unintentionally disable bpf_probe_read/bpf_probe_read_str for
> non-raw_tp programs that happened to specify non-zero
> expected_attach_type, which we don't really validate for
> kprobe/tp/perf_event/etc. So how about passing program type into
> tracing_func_proto() so that we can have more granular control?

yeah. that sucks that we forgot to check expected_attach_type for zero
when that field was introduced for networking progs.
I'll add new u32 to prog_load command instead. It's cleaner too.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ