lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 18 Sep 2020 11:47:56 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Toke Høiland-Jørgensen <toke@...hat.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Andrii Nakryiko <andriin@...com>,
        John Fastabend <john.fastabend@...il.com>,
        Jiri Olsa <jolsa@...hat.com>,
        Eelco Chaudron <echaudro@...hat.com>,
        KP Singh <kpsingh@...omium.org>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH bpf-next v6 05/10] bpf: support attaching freplace
 programs to multiple attach points

On Thu, Sep 17, 2020 at 1:21 PM Toke Høiland-Jørgensen <toke@...hat.com> wrote:
>
> From: Toke Høiland-Jørgensen <toke@...hat.com>
>
> This enables support for attaching freplace programs to multiple attach
> points. It does this by amending the UAPI for bpf_link_Create with a target
> btf ID that can be used to supply the new attachment point along with the
> target program fd. The target must be compatible with the target that was
> supplied at program load time.
>
> The implementation reuses the checks that were factored out of
> check_attach_btf_id() to ensure compatibility between the BTF types of the
> old and new attachment. If these match, a new bpf_tracing_link will be
> created for the new attach target, allowing multiple attachments to
> co-exist simultaneously.
>
> The code could theoretically support multiple-attach of other types of
> tracing programs as well, but since I don't have a use case for any of
> those, there is no API support for doing so.
>
> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
> ---

You patch set breaks at least bpf_iter tests:

$ sudo ./test_progs -t bpf_iter
...
#4 bpf_iter:FAIL
Summary: 0/19 PASSED, 0 SKIPPED, 6 FAILED

Please check and fix.

>  include/linux/bpf.h            |    2 +
>  include/uapi/linux/bpf.h       |    9 +++-
>  kernel/bpf/syscall.c           |  101 ++++++++++++++++++++++++++++++++++------
>  kernel/bpf/verifier.c          |    9 ++++
>  tools/include/uapi/linux/bpf.h |    9 +++-
>  5 files changed, 110 insertions(+), 20 deletions(-)
>

[...]

> -static int bpf_tracing_prog_attach(struct bpf_prog *prog)
> +static int bpf_tracing_prog_attach(struct bpf_prog *prog,
> +                                  int tgt_prog_fd,
> +                                  u32 btf_id)
>  {
>         struct bpf_link_primer link_primer;
>         struct bpf_prog *tgt_prog = NULL;
> +       struct bpf_trampoline *tr = NULL;
>         struct bpf_tracing_link *link;
> -       struct bpf_trampoline *tr;
> +       struct btf_func_model fmodel;
> +       u64 key = 0;
> +       long addr;
>         int err;
>
>         switch (prog->type) {
> @@ -2589,6 +2595,28 @@ static int bpf_tracing_prog_attach(struct bpf_prog *prog)

bpf_tracing_prog_attach logic looks correct to me now, thanks.

>                 goto out_put_prog;
>         }
>

[...]

> @@ -3934,6 +3986,16 @@ static int tracing_bpf_link_attach(const union bpf_attr *attr, struct bpf_prog *
>         return -EINVAL;
>  }
>
> +static int freplace_bpf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)

Any reason to have this separate from tracing_bpf_link_attach? I'd
merge them and do a simple switch inside, based on prog->type. It
would also be easier to follow the flow if this expected_attach_type
check was first and returned -EINVAL immediately at the top.


> +{
> +       if (attr->link_create.attach_type == prog->expected_attach_type)
> +               return bpf_tracing_prog_attach(prog,
> +                                              attr->link_create.target_fd,
> +                                              attr->link_create.target_btf_id);
> +       return -EINVAL;
> +

nit: unnecessary empty line?

> +}
> +
>  #define BPF_LINK_CREATE_LAST_FIELD link_create.iter_info_len
>  static int link_create(union bpf_attr *attr)
>  {
> @@ -3944,18 +4006,25 @@ static int link_create(union bpf_attr *attr)
>         if (CHECK_ATTR(BPF_LINK_CREATE))
>                 return -EINVAL;
>
> -       ptype = attach_type_to_prog_type(attr->link_create.attach_type);
> -       if (ptype == BPF_PROG_TYPE_UNSPEC)
> -               return -EINVAL;
> -
> -       prog = bpf_prog_get_type(attr->link_create.prog_fd, ptype);
> +       prog = bpf_prog_get(attr->link_create.prog_fd);
>         if (IS_ERR(prog))
>                 return PTR_ERR(prog);
>
>         ret = bpf_prog_attach_check_attach_type(prog,
>                                                 attr->link_create.attach_type);
>         if (ret)
> -               goto err_out;
> +               goto out;
> +
> +       if (prog->type == BPF_PROG_TYPE_EXT) {
> +               ret = freplace_bpf_link_attach(attr, prog);
> +               goto out;
> +       }
> +
> +       ptype = attach_type_to_prog_type(attr->link_create.attach_type);
> +       if (ptype == BPF_PROG_TYPE_UNSPEC) {
> +               ret = -EINVAL;
> +               goto out;
> +       }

you seem to be missing a check that prog->type matches ptype,
previously implicitly performed by bpf_prog_get_type(), no?

>
>         switch (ptype) {
>         case BPF_PROG_TYPE_CGROUP_SKB:
> @@ -3983,7 +4052,7 @@ static int link_create(union bpf_attr *attr)
>                 ret = -EINVAL;
>         }
>
> -err_out:
> +out:
>         if (ret < 0)
>                 bpf_prog_put(prog);
>         return ret;

[...]

Powered by blists - more mailing lists