Message-Id: <20200506132946.2164578-1-jolsa@kernel.org>
Date:   Wed,  6 May 2020 15:29:37 +0200
From:   Jiri Olsa <jolsa@...nel.org>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>
Cc:     netdev@...r.kernel.org, bpf@...r.kernel.org,
        Yonghong Song <yhs@...com>, Martin KaFai Lau <kafai@...com>,
        David Miller <davem@...hat.com>,
        John Fastabend <john.fastabend@...il.com>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        Wenbo Zhang <ethercflow@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        Andrii Nakryiko <andriin@...com>, bgregg@...flix.com,
        Florent Revest <revest@...omium.org>,
        Al Viro <viro@...iv.linux.org.uk>
Subject: [RFCv2 0/9] bpf: Add d_path helper

hi,
adding d_path helper to return full path for 'path' object.

I originally added and used 'file_path' helper, which did the same,
but used 'struct file' object. Then realized that file_path is just
a wrapper for d_path, so we'd cover more calling sites if we add
d_path helper and allowed resolving BTF object within another object,
so we could call d_path also with file pointer, like:

  bpf_d_path(&file->f_path, buf, size);

This feature is mainly to be able to add dpath (filepath originally)
function to bpftrace, which seems to work nicely now, like:

  # bpftrace -e 'kfunc:vfs_open { printf("%s\n", dpath(args->path)); }'


RFC v2 changes:

  - added whitelist support, d_path helper is allowed only for
    list of functions, the whitelist checking works as follows:

      - helper's whitelist is defined as list of functions in file:
        kernel/bpf/helpers-whitelist/helper
      - at vmlinux linking time, the bpfwl tool reads the whitelist
        and translates functions into BTF IDs, which are then compiled
        as following data section into vmlinux object:

          .BTF_whitelist
              BTF_whitelist_<helper1>
              BTF_whitelist_<helper2>
              BTF_whitelist_<helper3>

        Each BTF_whitelist_<helperX> data is a sorted array of BTF ids.
      - new 'allowed' function is added to 'struct bpf_func_proto',
        which is used by verifier code to check (if defined) on whether
        the helper is called from allowed function (from whitelist).

    Currently it's needed and implemented only for d_path helper,
    but it's easy to add support for another helper.

  - I don't change the btf_id value in check_func_arg as suggested by Alexei
  - added new test_verifier test

Also available at:
  https://git.kernel.org/pub/scm/linux/kernel/git/jolsa/perf.git
  bpf/d_path

thoughts? thanks,
jirka


---
Jiri Olsa (9):
      bpf: Add d_path helper
      bpf: Add d_path whitelist
      bpf: Add bpfwl tool to construct bpf whitelists
      bpf: Allow nested BTF object to be refferenced by BTF object + offset
      bpf: Add support to check on BTF id whitelist for d_path helper
      bpf: Compile bpfwl tool at kernel compilation start
      bpf: Compile the BTF id whitelist data in vmlinux
      selftests/bpf: Add test for d_path helper
      selftests/bpf: Add verifier test for d_path helper

 Makefile                                        |  24 +++++++--
 include/asm-generic/vmlinux.lds.h               |   5 ++
 include/linux/bpf.h                             |   4 ++
 include/uapi/linux/bpf.h                        |  14 +++++-
 kernel/bpf/btf.c                                |  69 +++++++++++++++++++++++++
 kernel/bpf/helpers-whitelist/d_path             |   8 +++
 kernel/bpf/verifier.c                           |  37 ++++++++++----
 kernel/trace/bpf_trace.c                        |  54 ++++++++++++++++++++
 scripts/bpf_helpers_doc.py                      |   2 +
 scripts/link-vmlinux.sh                         |  20 ++++++--
 tools/Makefile                                  |   3 ++
 tools/bpf/Makefile                              |   5 +-
 tools/bpf/bpfwl/Build                           |  11 ++++
 tools/bpf/bpfwl/Makefile                        |  60 ++++++++++++++++++++++
 tools/bpf/bpfwl/bpfwl.c                         | 285 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h                  |  14 +++++-
 tools/testing/selftests/bpf/prog_tests/d_path.c | 196 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tools/testing/selftests/bpf/progs/test_d_path.c |  71 ++++++++++++++++++++++++++
 tools/testing/selftests/bpf/test_verifier.c     |  13 ++++-
 tools/testing/selftests/bpf/verifier/d_path.c   |  37 ++++++++++++++
 20 files changed, 908 insertions(+), 24 deletions(-)
 create mode 100644 kernel/bpf/helpers-whitelist/d_path
 create mode 100644 tools/bpf/bpfwl/Build
 create mode 100644 tools/bpf/bpfwl/Makefile
 create mode 100644 tools/bpf/bpfwl/bpfwl.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/d_path.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_d_path.c
 create mode 100644 tools/testing/selftests/bpf/verifier/d_path.c
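
The whitelist check described in the RFC v2 notes above, as a user-space model. This is an added example, not code from the patch series: the struct layout, the function names, the BTF id values and the -1 return value are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample: BTF ids of the functions allowed to call the helper,
 * kept sorted ascending like the BTF_whitelist_<helper> data in the letter. */
static const uint32_t wl_d_path[] = { 1203, 4410, 4411, 9077, 15002 };

/* Hypothetical model of a helper prototype with an optional 'allowed' hook. */
struct helper_proto {
    const char *name;
    bool (*allowed)(uint32_t attach_btf_id);   /* NULL: no restriction */
};

static int cmp_id(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);   /* no wraparound, unlike x - y */
}

/* Binary search is only correct because the array is sorted at build time. */
static bool d_path_allowed(uint32_t attach_btf_id)
{
    size_t n = sizeof(wl_d_path) / sizeof(wl_d_path[0]);
    return bsearch(&attach_btf_id, wl_d_path, n, sizeof(wl_d_path[0]), cmp_id) != NULL;
}

static const struct helper_proto d_path_proto = { "d_path", d_path_allowed };
static const struct helper_proto other_proto  = { "other", NULL };

/* Verifier-side gate: 0 if the call is permitted, -1 if it is rejected.
 * A helper without an 'allowed' hook is not restricted by this check. */
static int check_helper_call(const struct helper_proto *fn, uint32_t attach_btf_id)
{
    if (fn->allowed && !fn->allowed(attach_btf_id))
        return -1;
    return 0;
}

int main(void)
{
    printf("d_path from id 4411: %d\n", check_helper_call(&d_path_proto, 4411));
    printf("d_path from id 4412: %d\n", check_helper_call(&d_path_proto, 4412));
    printf("other  from id 4412: %d\n", check_helper_call(&other_proto, 4412));
    return 0;
}
```

The gate rejects any attach point whose BTF id is absent from the array, so a function that is not listed cannot reach the helper.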
