| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Sep 2020 18:26:11 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Alan Maguire <alan.maguire@...cle.com>
Cc: ast@...nel.org, daniel@...earbox.net, andriin@...com, yhs@...com,
linux@...musvillemoes.dk, andriy.shevchenko@...ux.intel.com,
pmladek@...e.com, kafai@...com, songliubraving@...com,
john.fastabend@...il.com, kpsingh@...omium.org, shuah@...nel.org,
rdna@...com, scott.branden@...adcom.com, quentin@...valent.com,
cneirabustos@...il.com, jakub@...udflare.com, mingo@...hat.com,
rostedt@...dmis.org, bpf@...r.kernel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
acme@...nel.org
Subject: Re: [PATCH v6 bpf-next 6/6] selftests/bpf: add test for
bpf_seq_printf_btf helper
On Wed, Sep 23, 2020 at 06:46:28PM +0100, Alan Maguire wrote:
> Add a test verifying iterating over tasks and displaying BTF
> representation of data succeeds. Note here that we do not display
> the task_struct itself, as it will overflow the PAGE_SIZE limit on seq
> data; instead we write task->fs (a struct fs_struct).
Yeah. I've tried to print task_struct before reading above comment and
it took me long time to figure out what 'read failed: Argument list too long' means.
How can we improve usability of this helper?
We can bump:
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -88,8 +88,8 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
mutex_lock(&seq->lock);
if (!seq->buf) {
- seq->size = PAGE_SIZE;
+ seq->size = PAGE_SIZE * 32;
to whatever number, but printing single task_struct needs ~800 lines and
~18kbytes. Humans can scroll through that much spam, but can we make it less
verbose by default somehow?
May be not in this patch set, but in the follow up?
> +SEC("iter/task")
> +int dump_task_fs_struct(struct bpf_iter__task *ctx)
> +{
> + static const char fs_type[] = "struct fs_struct";
> + struct seq_file *seq = ctx->meta->seq;
> + struct task_struct *task = ctx->task;
> + struct fs_struct *fs = (void *)0;
> + static struct btf_ptr ptr = { };
> + long ret;
> +
> + if (task)
> + fs = task->fs;
> +
> + ptr.type = fs_type;
> + ptr.ptr = fs;
imo the following is better:
ptr.type_id = __builtin_btf_type_id(*fs, 1);
ptr.ptr = fs;
> +
> + if (ctx->meta->seq_num == 0)
> + BPF_SEQ_PRINTF(seq, "Raw BTF fs_struct per task\n");
> +
> + ret = bpf_seq_printf_btf(seq, &ptr, sizeof(ptr), 0);
> + switch (ret) {
> + case 0:
> + tasks++;
> + break;
> + case -ERANGE:
> + /* NULL task or task->fs, don't count it as an error. */
> + break;
> + default:
> + seq_err = ret;
> + break;
> + }
Please add handling of E2BIG to this switch. Otherwise
printing large amount of tiny structs will overflow PAGE_SIZE and E2BIG
will be send to user space.
Like this:
@@ -40,6 +40,8 @@ int dump_task_fs_struct(struct bpf_iter__task *ctx)
case -ERANGE:
/* NULL task or task->fs, don't count it as an error. */
break;
+ case -E2BIG:
+ return 1;
Also please change bpf_seq_read() like this:
diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
index 30833bbf3019..8f10e30ea0b0 100644
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -88,8 +88,8 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
mutex_lock(&seq->lock);
if (!seq->buf) {
- seq->size = PAGE_SIZE;
- seq->buf = kmalloc(seq->size, GFP_KERNEL);
+ seq->size = PAGE_SIZE << 3;
+ seq->buf = kvmalloc(seq->size, GFP_KERNEL);
So users can print task_struct by default.
Hopefully we will figure out how to deal with spam later.
Powered by blists - more mailing lists