lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 29 May 2020 13:52:17 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH v2 bpf-next 2/4] bpf: Introduce sleepable BPF programs

On Fri, May 29, 2020 at 01:38:40PM -0700, Andrii Nakryiko wrote:
> > > >         if (prog->type == BPF_PROG_TYPE_STRUCT_OPS)
> > > >                 return check_struct_ops_btf_id(env);
> > > >
> > > > @@ -10762,8 +10801,29 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
> > > >                         if (ret)
> > > >                                 verbose(env, "%s() is not modifiable\n",
> > > >                                         prog->aux->attach_func_name);
> > > > +               } else if (prog->aux->sleepable) {
> > > > +                       switch (prog->type) {
> > > > +                       case BPF_PROG_TYPE_TRACING:
> > > > +                               /* fentry/fexit progs can be sleepable only if they are
> > > > +                                * attached to ALLOW_ERROR_INJECTION or security_*() funcs.
> > > > +                                */
> > > > +                               ret = check_attach_modify_return(prog, addr);
> > >
> > > I was so confused about this piece... check_attach_modify_return()
> > > should probably be renamed to something else, it's not for fmod_ret
> > > only anymore.
> >
> > why? I think the name is correct. The helper checks whether target
> > allows modifying its return value. It's a first while list.
> 
> check_attach_modify_return() name implies to me that it's strictly for
> fmod_ret-specific attachment checks, that's all. It's minor, if you
> feel like name is appropriate I'm fine with it.

ahh. i see the confusion. I've read check_attach_modify_return as
whether target kernel function allows tweaking it's return value.
whereas it sounds that you've read it as it's check whether target
func is ok for modify_return bpf program type.

> 
> > When that passes the black list applies via check_sleepable_blacklist() function.
> >
> > I was considering using whitelist for sleepable as well, but that's overkill.
> > Too much overlap with mod_ret.
> > Imo check whitelist + check blacklist for white list exceptions is clean enough.
> 
> I agree about whitelist+blacklist, my only point was that
> check_attach_modify_return() is not communicating that it's a
> whitelist. check_sleepable_blacklist() is clear as day,
> check_sleepable_whitelist() would be as clear, even if internally it
> (for now) just calls into check_attach_modify_return(). Eventually it
> might be evolved beyond what's in check_attach_modify_return(). Not a
> big deal and can be changed later, if necessary.

got it. I will wrap it into another helper.

Powered by blists - more mailing lists