lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Jan 2020 18:29:39 +0000
From:   Martin Lau <kafai@...com>
To:     Andrii Nakryiko <andriin@...com>
CC:     "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Alexei Starovoitov <ast@...com>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "andrii.nakryiko@...il.com" <andrii.nakryiko@...il.com>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [Potential Spoof] [PATCH bpf-next] libbpf: poison kernel-only
 integer types

On Fri, Jan 10, 2020 at 10:19:16AM -0800, Andrii Nakryiko wrote:
> It's been a recurring issue with types like u32 slipping into libbpf source
> code accidentally. This is not detected during builds inside kernel source
> tree, but becomes a compilation error in libbpf's Github repo. Libbpf is
> supposed to use only __{s,u}{8,16,32,64} typedefs, so poison {s,u}{8,16,32,64}
> explicitly in every .c file. Doing that in a bit more centralized way, e.g.,
> inside libbpf_internal.h breaks selftests, which are both using kernel u32 and
> libbpf_internal.h.
> 
> This patch also fixes a new u32 occurence in libbpf.c, added recently.
> 
> Fixes: 590a00888250 ("bpf: libbpf: Add STRUCT_OPS support")
> Signed-off-by: Andrii Nakryiko <andriin@...com>
> ---
>  tools/lib/bpf/bpf.c            | 3 +++
>  tools/lib/bpf/bpf_prog_linfo.c | 3 +++
>  tools/lib/bpf/btf.c            | 3 +++
>  tools/lib/bpf/btf_dump.c       | 3 +++
>  tools/lib/bpf/hashmap.c        | 3 +++
>  tools/lib/bpf/libbpf.c         | 5 ++++-
>  tools/lib/bpf/libbpf_errno.c   | 3 +++
>  tools/lib/bpf/libbpf_probes.c  | 3 +++
>  tools/lib/bpf/netlink.c        | 3 +++
>  tools/lib/bpf/nlattr.c         | 3 +++
>  tools/lib/bpf/str_error.c      | 3 +++
>  tools/lib/bpf/xsk.c            | 3 +++
>  12 files changed, 37 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> index b0ecbe9ef2d4..500afe478e94 100644
> --- a/tools/lib/bpf/bpf.c
> +++ b/tools/lib/bpf/bpf.c
> @@ -32,6 +32,9 @@
>  #include "libbpf.h"
>  #include "libbpf_internal.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  /*
>   * When building perf, unistd.h is overridden. __NR_bpf is
>   * required to be defined explicitly.
> diff --git a/tools/lib/bpf/bpf_prog_linfo.c b/tools/lib/bpf/bpf_prog_linfo.c
> index 3ed1a27b5f7c..bafca49cb1e6 100644
> --- a/tools/lib/bpf/bpf_prog_linfo.c
> +++ b/tools/lib/bpf/bpf_prog_linfo.c
> @@ -8,6 +8,9 @@
>  #include "libbpf.h"
>  #include "libbpf_internal.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  struct bpf_prog_linfo {
>  	void *raw_linfo;
>  	void *raw_jited_linfo;
> diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c
> index 5f04f56e1eb6..cfeb6a44480b 100644
> --- a/tools/lib/bpf/btf.c
> +++ b/tools/lib/bpf/btf.c
> @@ -17,6 +17,9 @@
>  #include "libbpf_internal.h"
>  #include "hashmap.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  #define BTF_MAX_NR_TYPES 0x7fffffff
>  #define BTF_MAX_STR_OFFSET 0x7fffffff
>  
> diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
> index e95f7710f210..885acebd4396 100644
> --- a/tools/lib/bpf/btf_dump.c
> +++ b/tools/lib/bpf/btf_dump.c
> @@ -18,6 +18,9 @@
>  #include "libbpf.h"
>  #include "libbpf_internal.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  static const char PREFIXES[] = "\t\t\t\t\t\t\t\t\t\t\t\t\t";
>  static const size_t PREFIX_CNT = sizeof(PREFIXES) - 1;
>  
> diff --git a/tools/lib/bpf/hashmap.c b/tools/lib/bpf/hashmap.c
> index 6122272943e6..54c30c802070 100644
> --- a/tools/lib/bpf/hashmap.c
> +++ b/tools/lib/bpf/hashmap.c
> @@ -12,6 +12,9 @@
>  #include <linux/err.h>
>  #include "hashmap.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  /* start with 4 buckets */
>  #define HASHMAP_MIN_CAP_BITS 2
>  
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 3afd780b0f06..0c229f00a67e 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -55,6 +55,9 @@
>  #include "libbpf_internal.h"
>  #include "hashmap.h"
>  
> +/* make sure libbpf doesn't use kernel-only integer typedefs */
> +#pragma GCC poison u8 u16 u32 u64 s8 s16 s32 s64
> +
>  #ifndef EM_BPF
>  #define EM_BPF 247
>  #endif
> @@ -6475,7 +6478,7 @@ static int bpf_object__collect_struct_ops_map_reloc(struct bpf_object *obj,
>  	Elf_Data *symbols;
>  	unsigned int moff;
>  	const char *name;
> -	u32 member_idx;
> +	__u32 member_idx;
Acked-by: Martin KaFai Lau <kafai@...com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ