lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87pnhbulxf.fsf@toke.dk>
Date:   Fri, 29 Nov 2019 09:27:40 +0100
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>
Cc:     "netdev\@vger.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Better ways to validate map via BTF?

Andrii Nakryiko <andrii.nakryiko@...il.com> writes:

> On Thu, Nov 28, 2019 at 8:08 AM Jesper Dangaard Brouer
> <brouer@...hat.com> wrote:
>>
>> Hi Andrii,
>
>
> Hey, Jesper! Sorry for late reply, I'm on vacation for few days, so my
> availability is irregular at best :)
>
>>
>> Is there are better way to validate that a userspace BPF-program uses
>> the correct map via BTF?
>>
>> Below and in attached patch, I'm using bpf_obj_get_info_by_fd() to get
>> some map-info, and check info.value_size and info.max_entries match
>> what I expect.  What I really want, is to check that "map-value" have
>> same struct layout as:
>>
>>  struct config {
>>         __u32 action;
>>         int ifindex;
>>         __u32 options;
>>  };
>
> Well, there is no existing magical way to do this, but it is doable by
> comparing BTFs of two maps. It's not too hard to compare all the
> members of a struct, their names, sizes, types, etc (and do that
> recursively, if necessary), but it's a bunch of code requiring due
> diligence. Libbpf doesn't provide that in a ready-to-use form (it does
> implement equivalence checks between two type graphs for dedup, but
> it's quite coupled with and specific to BTF deduplication algorithm).
> Keep in mind, when Toke implemented map pinning support in libbpf, we
> decided to not check BTF for now, and just check key/value size,
> flags, type, max_elements, etc.

Yeah. Probably a good idea to provide convenience functions for this in
libbpf (split out the existing code and make it more general?). Then we
can also use that for the test in the map pinning code :)

-Toke

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ