lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 30 Jun 2020 23:45:23 -0700
From:   Andrii Nakryiko <andriin@...com>
To:     <bpf@...r.kernel.org>, <netdev@...r.kernel.org>, <ast@...com>,
        <daniel@...earbox.net>
CC:     <andrii.nakryiko@...il.com>, <kernel-team@...com>,
        Andrii Nakryiko <andriin@...com>,
        Anton Protopopov <a.s.protopopov@...il.com>,
        Daniel Xu <dlxu@...com>
Subject: [PATCH bpf-next 1/3] libbpf: support stripping modifiers for btf_dump

One important use case when emitting const/volatile/restrict is undesirable is
BPF skeleton generation of DATASEC layout. These are further memory-mapped and
can be written/read from user-space directly.

For important case of .rodata variables, bpftool strips away first-level
modifiers, to make their use on user-space side simple and not requiring extra
type casts to override compiler complaining about writing to const variables.

This logic works mostly fine, but breaks in some more complicated cases. E.g.:

    const volatile int params[10];

Because in BTF it's a chain of ARRAY -> CONST -> VOLATILE -> INT, bpftool
stops at ARRAY and doesn't strip CONST and VOLATILE. In skeleton this variable
will be emitted as is. So when used from user-space, compiler will complain
about writing to const array. This is problematic, as also mentioned in [0].

To solve this for arrays and other non-trivial cases (e.g., inner
const/volatile fields inside the struct), teach btf_dump to strip away any
modifier, when requested.

This patch converts existing struct btf_dump_opts to modern opts "framework"
with size field and easily extensible in the future with backwards/forward
compatibility. While this is a breaking change, there are only two known
clients of this API: bpftool and bpftrace. bpftool hasn't used opts and just
passed NULL, so is not affected and subsequent patch makes it use using
DECLARE_LIBBPF_OPTS() macro. bpftrace does use opts and I'll work with
bpftrace maintainers to adopt to a new opts style. While a bit painful, it
seems like a better strategy long-term, instead of maintaining two sets of
btf_dump opts and constructors.

  [0] https://github.com/iovisor/bcc/pull/2994#issuecomment-650588533

Cc: Daniel Xu <dlxu@...com>
Reported-by: Anton Protopopov <a.s.protopopov@...il.com>
Signed-off-by: Andrii Nakryiko <andriin@...com>
---
 tools/lib/bpf/btf.h      |  6 ++++++
 tools/lib/bpf/btf_dump.c | 18 +++++++++++++-----
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/tools/lib/bpf/btf.h b/tools/lib/bpf/btf.h
index 06cd1731c154..5c2acca8d7f4 100644
--- a/tools/lib/bpf/btf.h
+++ b/tools/lib/bpf/btf.h
@@ -115,8 +115,14 @@ LIBBPF_API int btf__dedup(struct btf *btf, struct btf_ext *btf_ext,
 struct btf_dump;
 
 struct btf_dump_opts {
+	/* size of this struct, for backward/forward compatibility */
+	size_t sz;
+	/* extra context passed to print callback */
 	void *ctx;
+	/* strip all the const/volatile/restrict mods */
+	bool strip_mods;
 };
+#define btf_dump_opts__last_field strip_mods
 
 typedef void (*btf_dump_printf_fn_t)(void *ctx, const char *fmt, va_list args);
 
diff --git a/tools/lib/bpf/btf_dump.c b/tools/lib/bpf/btf_dump.c
index bbb430317260..4b843bbd8657 100644
--- a/tools/lib/bpf/btf_dump.c
+++ b/tools/lib/bpf/btf_dump.c
@@ -59,7 +59,8 @@ struct btf_dump {
 	const struct btf *btf;
 	const struct btf_ext *btf_ext;
 	btf_dump_printf_fn_t printf_fn;
-	struct btf_dump_opts opts;
+	void *print_ctx;
+	bool strip_mods;
 
 	/* per-type auxiliary state */
 	struct btf_dump_type_aux_state *type_states;
@@ -115,7 +116,7 @@ static void btf_dump_printf(const struct btf_dump *d, const char *fmt, ...)
 	va_list args;
 
 	va_start(args, fmt);
-	d->printf_fn(d->opts.ctx, fmt, args);
+	d->printf_fn(d->print_ctx, fmt, args);
 	va_end(args);
 }
 
@@ -129,6 +130,9 @@ struct btf_dump *btf_dump__new(const struct btf *btf,
 	struct btf_dump *d;
 	int err;
 
+	if (!OPTS_VALID(opts, btf_dump_opts))
+		return ERR_PTR(-EINVAL);
+
 	d = calloc(1, sizeof(struct btf_dump));
 	if (!d)
 		return ERR_PTR(-ENOMEM);
@@ -136,7 +140,8 @@ struct btf_dump *btf_dump__new(const struct btf *btf,
 	d->btf = btf;
 	d->btf_ext = btf_ext;
 	d->printf_fn = printf_fn;
-	d->opts.ctx = opts ? opts->ctx : NULL;
+	d->print_ctx = OPTS_GET(opts, ctx, NULL);
+	d->strip_mods = OPTS_GET(opts, strip_mods, false);
 
 	d->type_names = hashmap__new(str_hash_fn, str_equal_fn, NULL);
 	if (IS_ERR(d->type_names)) {
@@ -1045,6 +1050,10 @@ static void btf_dump_emit_type_decl(struct btf_dump *d, __u32 id,
 
 	stack_start = d->decl_stack_cnt;
 	for (;;) {
+		t = btf__type_by_id(d->btf, id);
+		if (d->strip_mods && btf_is_mod(t))
+			goto skip_mod;
+
 		err = btf_dump_push_decl_stack_id(d, id);
 		if (err < 0) {
 			/*
@@ -1056,12 +1065,11 @@ static void btf_dump_emit_type_decl(struct btf_dump *d, __u32 id,
 			d->decl_stack_cnt = stack_start;
 			return;
 		}
-
+skip_mod:
 		/* VOID */
 		if (id == 0)
 			break;
 
-		t = btf__type_by_id(d->btf, id);
 		switch (btf_kind(t)) {
 		case BTF_KIND_PTR:
 		case BTF_KIND_VOLATILE:
-- 
2.24.1

Powered by blists - more mailing lists