lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 23 Jun 2020 11:33:35 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     John Fastabend <john.fastabend@...il.com>
Cc:     Jiri Olsa <jolsa@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [bpf PATCH] bpf: do not allow btf_ctx_access with __int128 types

On Tue, Jun 23, 2020 at 10:14 AM John Fastabend
<john.fastabend@...il.com> wrote:
>
> To ensure btf_ctx_access() is safe the verifier checks that the BTF
> arg type is an int, enum, or pointer. When the function does the
> BTF arg lookup it uses the calculation 'arg = off / 8'  using the
> fact that registers are 8B. This requires that the first arg is
> in the first reg, the second in the second, and so on. However,
> for __int128 the arg will consume two registers by default LLVM
> implementation. So this will cause the arg layout assumed by the
> 'arg = off / 8' calculation to be incorrect.
>
> Because __int128 is uncommon this patch applies the easiest fix and
> will force int types to be sizeof(u64) or smaller so that they will
> fit in a single register.
>
> Fixes: 9e15db66136a1 ("bpf: Implement accurate raw_tp context access via BTF")
> Signed-off-by: John Fastabend <john.fastabend@...il.com>
> ---

"small int" for u64 looks funny, but naming is hard :)

Acked-by: Andrii Nakryiko <andriin@...com>

>  include/linux/btf.h |    5 +++++
>  kernel/bpf/btf.c    |    4 ++--
>  2 files changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/btf.h b/include/linux/btf.h
> index 5c1ea99..35642f6 100644
> --- a/include/linux/btf.h
> +++ b/include/linux/btf.h
> @@ -82,6 +82,11 @@ static inline bool btf_type_is_int(const struct btf_type *t)
>         return BTF_INFO_KIND(t->info) == BTF_KIND_INT;
>  }
>
> +static inline bool btf_type_is_small_int(const struct btf_type *t)
> +{
> +       return btf_type_is_int(t) && (t->size <= sizeof(u64));

nit: unnecessary (), () are usually used to disambiguate | and &  vs
|| and &&; this is not the case, though.

> +}
> +
>  static inline bool btf_type_is_enum(const struct btf_type *t)
>  {
>         return BTF_INFO_KIND(t->info) == BTF_KIND_ENUM;
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 58c9af1..9a1a98d 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -3746,7 +3746,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
>                                 return false;
>
>                         t = btf_type_skip_modifiers(btf, t->type, NULL);
> -                       if (!btf_type_is_int(t)) {
> +                       if (!btf_type_is_small_int(t)) {
>                                 bpf_log(log,
>                                         "ret type %s not allowed for fmod_ret\n",
>                                         btf_kind_str[BTF_INFO_KIND(t->info)]);
> @@ -3768,7 +3768,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
>         /* skip modifiers */
>         while (btf_type_is_modifier(t))
>                 t = btf_type_by_id(btf, t->type);
> -       if (btf_type_is_int(t) || btf_type_is_enum(t))
> +       if (btf_type_is_small_int(t) || btf_type_is_enum(t))
>                 /* accessing a scalar */
>                 return true;
>         if (!btf_type_is_ptr(t)) {
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ