lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 14 Jan 2020 16:44:54 -0800
From:   Stanislav Fomichev <sdf@...ichev.me>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        "David S. Miller" <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH bpf-next 3/6] bpf: Introduce function-by-function
 verification

On 01/14, Andrii Nakryiko wrote:
> On Tue, Jan 14, 2020 at 3:39 PM Stanislav Fomichev <sdf@...ichev.me> wrote:
> >
> > On 01/07, Alexei Starovoitov wrote:
> > > New llvm and old llvm with libbpf help produce BTF that distinguish global and
> > > static functions. Unlike arguments of static function the arguments of global
> > > functions cannot be removed or optimized away by llvm. The compiler has to use
> > > exactly the arguments specified in a function prototype. The argument type
> > > information allows the verifier validate each global function independently.
> > > For now only supported argument types are pointer to context and scalars. In
> > > the future pointers to structures, sizes, pointer to packet data can be
> > > supported as well. Consider the following example:
> > > --- a/kernel/bpf/btf.c
> > > +++ b/kernel/bpf/btf.c
> > > @@ -2621,8 +2621,8 @@ static s32 btf_func_check_meta(struct btf_verifier_env *env,
> > >               return -EINVAL;
> > >       }
> > >
> > > -     if (btf_type_vlen(t)) {
> > > -             btf_verifier_log_type(env, t, "vlen != 0");
> > > +     if (btf_type_vlen(t) > BTF_FUNC_EXTERN) {
> > > +             btf_verifier_log_type(env, t, "invalid func linkage");
> > >               return -EINVAL;
> > Sorry for bringing it up after the review:
> >
> > This effectively teaches kernel about BTF_KIND_FUNC scope argument,
> > right? Which means, if I take clang from the tip
> > (https://github.com/llvm/llvm-project/commit/fbb64aa69835c8e3e9efe0afc8a73058b5a0fb3c#diff-f191c05d1eb0a6ca0e89d7e7938d73d4)
> > and take 5.4 kernel, it will reject BTF because it now has a
> > BTF_KIND_FUNC with global scope (any 'main' function is global and has
> > non-zero vlen).
> >
> > What's the general guidance on the situation where clang starts
> > spitting out some BTF and released kernels reject it? Is there some list of
> > flags I can pass to clang to not emit some of the BTF features?
> > Or am I missing something?
> 
> Isn't that the issue that 2d3eb67f64ec ("libbpf: Sanitize global
> functions") addresses by sanitizing those BTF_KIND_FUNC as static
> functions (with vlen=0)?
> 
> The general guidance is to have libbpf sanitize such BTF to make it
> compatible with old kernels.
Ah, that was the missing piece, thank you!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ