| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Dec 2020 16:38:16 +0000 (GMT)
From: Alan Maguire <alan.maguire@...cle.com>
To: Andrii Nakryiko <andrii@...nel.org>
cc: bpf@...r.kernel.org, netdev@...r.kernel.org, ast@...com,
daniel@...earbox.net, kernel-team@...com,
Alan Maguire <alan.maguire@...cle.com>
Subject: Re: [PATCH bpf-next] libbpf: support module BTF for BPF_TYPE_ID_TARGET
CO-RE relocation
On Fri, 4 Dec 2020, Andrii Nakryiko wrote:
> When Clang emits ldimm64 instruction for BPF_TYPE_ID_TARGET CO-RE relocation,
> put module BTF FD, containing target type, into upper 32 bits of imm64.
>
> Because this FD is internal to libbpf, it's very cumbersome to test this in
> selftests. Manual testing was performed with debug log messages sprinkled
> across selftests and libbpf, confirming expected values are substituted.
> Better testing will be performed as part of the work adding module BTF types
> support to bpf_snprintf_btf() helpers.
>
> Cc: Alan Maguire <alan.maguire@...cle.com>
> Signed-off-by: Andrii Nakryiko <andrii@...nel.org>
> ---
> tools/lib/bpf/libbpf.c | 19 ++++++++++++++++---
> 1 file changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 9be88a90a4aa..539956f7920a 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -4795,6 +4795,7 @@ static int load_module_btfs(struct bpf_object *obj)
>
> mod_btf = &obj->btf_modules[obj->btf_module_cnt++];
>
> + btf__set_fd(btf, fd);
> mod_btf->btf = btf;
> mod_btf->id = id;
> mod_btf->fd = fd;
> @@ -5445,6 +5446,10 @@ struct bpf_core_relo_res
> __u32 orig_type_id;
> __u32 new_sz;
> __u32 new_type_id;
> + /* FD of the module BTF containing the target candidate, or 0 for
> + * vmlinux BTF
> + */
> + int btf_obj_fd;
> };
>
> /* Calculate original and target relocation values, given local and target
> @@ -5469,6 +5474,7 @@ static int bpf_core_calc_relo(const struct bpf_program *prog,
> res->fail_memsz_adjust = false;
> res->orig_sz = res->new_sz = 0;
> res->orig_type_id = res->new_type_id = 0;
> + res->btf_obj_fd = 0;
>
> if (core_relo_is_field_based(relo->kind)) {
> err = bpf_core_calc_field_relo(prog, relo, local_spec,
> @@ -5519,6 +5525,9 @@ static int bpf_core_calc_relo(const struct bpf_program *prog,
> } else if (core_relo_is_type_based(relo->kind)) {
> err = bpf_core_calc_type_relo(relo, local_spec, &res->orig_val);
> err = err ?: bpf_core_calc_type_relo(relo, targ_spec, &res->new_val);
> + if (!err && relo->kind == BPF_TYPE_ID_TARGET &&
> + targ_spec->btf != prog->obj->btf_vmlinux)
> + res->btf_obj_fd = btf__fd(targ_spec->btf);
Sorry about this Andrii, but I'm a bit stuck here.
I'm struggling to get tests working where the obj fd is used to designate
the module BTF. Unless I'm missing something there are a few problems:
- the fd association is removed by libbpf when the BPF program has loaded;
the module fds are closed and the module BTF is discarded. However even if
that isn't done (and as you mentioned, we could hold onto BTF that is in
use, and I commented out the code that does that to test) - there's
another problem:
- I can't see a way to use the object fd value we set here later in BPF
program context; btf_get_by_fd() returns -EBADF as the fd is associated
with the module BTF in the test's process context, not necessarily in
the context that the BPF program is running. Would it be possible in this
case to use object id? Or is there another way to handle the fd->module
BTF association that we need to make in BPF program context that I'm
missing?
- A more long-term issue; if we use fds to specify module BTFs and write
the object fd into the program, we can pin the BPF program such that it
outlives fds that refer to its associated BTF. So unless we pinned the
BTF too, any code that assumed the BTF fd-> module mapping was valid would
start to break once the user-space side went away and the pinned program
persisted.
Maybe there are solutions to these problems that I'm missing of course,
but for now I'm not sure how to get things working.
Thanks again for your help with this!
Alan
Powered by blists - more mailing lists