Message-ID: <159163498340.1967373.5048584263152085317.stgit@firesoul>
Date:   Mon, 08 Jun 2020 18:51:12 +0200
From:   Jesper Dangaard Brouer <brouer@...hat.com>
To:     David Ahern <dsahern@...il.com>, bpf@...r.kernel.org,
        Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Jesper Dangaard Brouer <brouer@...hat.com>, netdev@...r.kernel.org,
        Daniel Borkmann <borkmann@...earbox.net>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Lorenzo Bianconi <lorenzo@...nel.org>
Subject: [PATCH bpf 0/3] bpf: avoid using/returning file descriptor value zero

Make it easier to handle UAPI/kABI extensions by avoiding BPF using/returning
file descriptor value zero. Use this in recent devmap extension to keep
older applications compatible with newer kernels.

For special type maps (e.g. devmap and cpumap) the map-value data-layout is
a configuration interface. This is a kernel Application Binary Interface
(kABI) that can only be tail extended. Thus, new members (and thus features)
can only be added to the end of this structure, and the kernel uses the
map->value_size from userspace to determine feature set 'version'.

For this kind of kABI to be extensible and backward compatible, it is common
that new members/fields (that represent a new feature) in the struct are
initialised as zero, which indicates that the feature isn't used. This makes
it possible to write userspace applications that are unaware of new kernel
features, but just include latest uapi headers, zero-init struct and
populate features it knows about.

The recent extension of devmap with a bpf_prog.fd requires end-user to
supply the file-descriptor value minus-1 to communicate that the feature
isn't used. This isn't compatible with the described kABI extension model.

---

Jesper Dangaard Brouer (3):
      bpf: syscall to start at file-descriptor 1
      bpf: devmap adjust uapi for attach bpf program
      bpf: selftests and tools use struct bpf_devmap_val from uapi


 fs/file.c                                          |    2 +
 include/linux/file.h                               |    1 +
 include/uapi/linux/bpf.h                           |   13 +++++++
 kernel/bpf/devmap.c                                |   17 ++-------
 kernel/bpf/syscall.c                               |   38 +++++++++++++++++---
 tools/include/uapi/linux/bpf.h                     |   13 +++++++
 .../selftests/bpf/prog_tests/xdp_devmap_attach.c   |    8 ----
 .../selftests/bpf/progs/test_xdp_devmap_helpers.c  |    2 +
 .../bpf/progs/test_xdp_with_devmap_helpers.c       |    3 +-
 9 files changed, 66 insertions(+), 31 deletions(-)
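
The compatibility problem described in the cover letter, as an added example that is not code from this patch series or the kernel. The struct `devmap_val_example`, the functions `parse_val` and `unaware_app`, and the sample ifindex are hypothetical; they model how `value_size` selects the feature set and how a zero-initialised tail member is read under a 0 sentinel versus a -1 sentinel.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical tail-extended map value (not the kernel's definition). */
struct devmap_val_example {
    uint32_t ifindex;   /* original member */
    int32_t  prog_fd;   /* feature member added later, at the tail */
};

#define VAL_SIZE_V1 offsetof(struct devmap_val_example, prog_fd)
#define VAL_SIZE_V2 sizeof(struct devmap_val_example)

enum { BAD_SIZE = -1, NO_PROG = 0, HAS_PROG = 1 };

/* Models the receiving side: value_size selects the feature set, and
 * unused_sentinel is the value that means "feature not used". */
int parse_val(const void *buf, size_t value_size, int32_t unused_sentinel,
              int32_t *fd_out)
{
    struct devmap_val_example v;

    if (value_size != VAL_SIZE_V1 && value_size != VAL_SIZE_V2)
        return BAD_SIZE;               /* only known layouts are accepted */
    memset(&v, 0, sizeof(v));
    v.prog_fd = unused_sentinel;       /* short (v1) values never carry it */
    memcpy(&v, buf, value_size);       /* copy only what the caller supplied */
    if (v.prog_fd == unused_sentinel)
        return NO_PROG;
    *fd_out = v.prog_fd;               /* would be resolved to a program */
    return HAS_PROG;
}

/* An application unaware of prog_fd: built against the newer header,
 * zero-initialises the struct and fills in only the member it knows. */
int unaware_app(int32_t unused_sentinel, int32_t *fd_out)
{
    struct devmap_val_example v;

    memset(&v, 0, sizeof(v));
    v.ifindex = 3;                     /* constructed sample value */
    return parse_val(&v, sizeof(v), unused_sentinel, fd_out);
}
```

With a -1 sentinel the unaware application is read as requesting file descriptor 0, which in most processes is stdin; with a 0 sentinel the same bytes mean "no program", which only works if BPF never hands out descriptor 0.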
