lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 May 2020 09:29:05 -0700 From: Yonghong Song <yhs@...com> To: Alexei Starovoitov <alexei.starovoitov@...il.com> CC: Andrii Nakryiko <andriin@...com>, <bpf@...r.kernel.org>, Martin KaFai Lau <kafai@...com>, <netdev@...r.kernel.org>, Alexei Starovoitov <ast@...com>, Daniel Borkmann <daniel@...earbox.net>, <kernel-team@...com> Subject: Re: [PATCH bpf-next v4 02/21] bpf: allow loading of a bpf_iter program On 5/12/20 9:25 AM, Alexei Starovoitov wrote: > On Tue, May 12, 2020 at 08:41:19AM -0700, Yonghong Song wrote: >> >> >> On 5/9/20 5:41 PM, Alexei Starovoitov wrote: >>> On Sat, May 09, 2020 at 10:59:00AM -0700, Yonghong Song wrote: >>>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c >>>> index 70ad009577f8..d725ff7d11db 100644 >>>> --- a/kernel/bpf/verifier.c >>>> +++ b/kernel/bpf/verifier.c >>>> @@ -7101,6 +7101,10 @@ static int check_return_code(struct bpf_verifier_env *env) >>>> return 0; >>>> range = tnum_const(0); >>>> break; >>>> + case BPF_PROG_TYPE_TRACING: >>>> + if (env->prog->expected_attach_type != BPF_TRACE_ITER) >>>> + return 0; >>>> + break; >>> >>> Not related to this set, but I just noticed that I managed to forget to >>> add this check for fentry/fexit/freplace. >>> While it's not too late let's enforce return 0 for them ? >>> Could you follow up with a patch for bpf tree? >> >> Just want to double check. In selftests, we have >> >> SEC("fentry/__set_task_comm") >> int BPF_PROG(prog4, struct task_struct *tsk, const char *buf, bool exec) >> { >> return !tsk; >> } >> >> SEC("fexit/__set_task_comm") >> int BPF_PROG(prog5, struct task_struct *tsk, const char *buf, bool exec) >> { >> return !tsk; >> } >> >> fentry/fexit may returrn 1. What is the intention here? Does this mean >> we should allow [0, 1] instead of [0, 0]? > > Argh. I missed that bit when commit ac065870d9282 tweaked the return > value. For fentry/exit the return value is ignored by trampoline. > imo it's misleading to users and should be rejected by the verifier. > so [0,0] for fentry/fexit Sounds good. Will craft patch to enforce fentry/fexit with [0,0] then. Thanks! > >> For freplace, we have >> >> __u64 test_get_skb_len = 0; >> SEC("freplace/get_skb_len") >> int new_get_skb_len(struct __sk_buff *skb) >> { >> int len = skb->len; >> >> if (len != 74) >> return 0; >> test_get_skb_len = 1; >> return 74; /* original get_skb_len() returns skb->len */ >> } >> >> That means freplace may return arbitrary values depending on what >> to replace? > > yes. freplace and fmod_ret can return anything. >
Powered by blists - more mailing lists