lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Mar 2021 15:29:57 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Martin KaFai Lau <kafai@...com>
Cc:     bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <kernel-team@...com>,
        Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next 02/15] bpf: btf: Support parsing extern func

On Fri, Mar 19, 2021 at 3:19 PM Martin KaFai Lau <kafai@...com> wrote:
>
> On Fri, Mar 19, 2021 at 02:27:13PM -0700, Andrii Nakryiko wrote:
> > On Thu, Mar 18, 2021 at 10:29 PM Martin KaFai Lau <kafai@...com> wrote:
> > >
> > > On Thu, Mar 18, 2021 at 09:13:56PM -0700, Andrii Nakryiko wrote:
> > > > On Thu, Mar 18, 2021 at 4:39 PM Martin KaFai Lau <kafai@...com> wrote:
> > > > >
> > > > > On Thu, Mar 18, 2021 at 03:53:38PM -0700, Andrii Nakryiko wrote:
> > > > > > On Tue, Mar 16, 2021 at 12:01 AM Martin KaFai Lau <kafai@...com> wrote:
> > > > > > >
> > > > > > > This patch makes BTF verifier to accept extern func. It is used for
> > > > > > > allowing bpf program to call a limited set of kernel functions
> > > > > > > in a later patch.
> > > > > > >
> > > > > > > When writing bpf prog, the extern kernel function needs
> > > > > > > to be declared under a ELF section (".ksyms") which is
> > > > > > > the same as the current extern kernel variables and that should
> > > > > > > keep its usage consistent without requiring to remember another
> > > > > > > section name.
> > > > > > >
> > > > > > > For example, in a bpf_prog.c:
> > > > > > >
> > > > > > > extern int foo(struct sock *) __attribute__((section(".ksyms")))
> > > > > > >
> > > > > > > [24] FUNC_PROTO '(anon)' ret_type_id=15 vlen=1
> > > > > > >         '(anon)' type_id=18
> > > > > > > [25] FUNC 'foo' type_id=24 linkage=extern
> > > > > > > [ ... ]
> > > > > > > [33] DATASEC '.ksyms' size=0 vlen=1
> > > > > > >         type_id=25 offset=0 size=0
> > > > > > >
> > > > > > > LLVM will put the "func" type into the BTF datasec ".ksyms".
> > > > > > > The current "btf_datasec_check_meta()" assumes everything under
> > > > > > > it is a "var" and ensures it has non-zero size ("!vsi->size" test).
> > > > > > > The non-zero size check is not true for "func".  This patch postpones the
> > > > > > > "!vsi-size" test from "btf_datasec_check_meta()" to
> > > > > > > "btf_datasec_resolve()" which has all types collected to decide
> > > > > > > if a vsi is a "var" or a "func" and then enforce the "vsi->size"
> > > > > > > differently.
> > > > > > >
> > > > > > > If the datasec only has "func", its "t->size" could be zero.
> > > > > > > Thus, the current "!t->size" test is no longer valid.  The
> > > > > > > invalid "t->size" will still be caught by the later
> > > > > > > "last_vsi_end_off > t->size" check.   This patch also takes this
> > > > > > > chance to consolidate other "t->size" tests ("vsi->offset >= t->size"
> > > > > > > "vsi->size > t->size", and "t->size < sum") into the existing
> > > > > > > "last_vsi_end_off > t->size" test.
> > > > > > >
> > > > > > > The LLVM will also put those extern kernel function as an extern
> > > > > > > linkage func in the BTF:
> > > > > > >
> > > > > > > [24] FUNC_PROTO '(anon)' ret_type_id=15 vlen=1
> > > > > > >         '(anon)' type_id=18
> > > > > > > [25] FUNC 'foo' type_id=24 linkage=extern
> > > > > > >
> > > > > > > This patch allows BTF_FUNC_EXTERN in btf_func_check_meta().
> > > > > > > Also extern kernel function declaration does not
> > > > > > > necessary have arg name. Another change in btf_func_check() is
> > > > > > > to allow extern function having no arg name.
> > > > > > >
> > > > > > > The btf selftest is adjusted accordingly.  New tests are also added.
> > > > > > >
> > > > > > > The required LLVM patch: https://reviews.llvm.org/D93563
> > > > > > >
> > > > > > > Signed-off-by: Martin KaFai Lau <kafai@...com>
> > > > > > > ---
> > > > > >
> > > > > > High-level question about EXTERN functions in DATASEC. Does kernel
> > > > > > need to see them under DATASEC? What if libbpf just removed all EXTERN
> > > > > > funcs from under DATASEC and leave them as "free-floating" EXTERN
> > > > > > FUNCs in BTF.
> > > > > >
> > > > > > We need to tag EXTERNs with DATASECs mainly for libbpf to know whether
> > > > > > it's .kconfig or .ksym or other type of externs. Does kernel need to
> > > > > > care?
> > > > > Although the kernel does not need to know, since the a legit llvm generates it,
> > > > > I go with a proper support in the kernel (e.g. bpftool btf dump can better
> > > > > reflect what was there).
> > > >
> > > > LLVM also generates extern VAR with BTF_VAR_EXTERN, yet libbpf is
> > > > replacing it with fake INTs.
> > > Yep. I noticed the loop in collect_extern() in libbpf.
> > > It replaces the var->type with INT.
> > >
> > > > We could do just that here as well.
> > > What to replace in the FUNC case?
> >
> > if we do that, I'd just replace them with same INTs. Or we can just
> > remove the entire DATASEC. Now it is easier to do with BTF write APIs.
> > Back then it was a major pain. I'd probably get rid of DATASEC
> > altogether instead of that INT replacement, if I had BTF write APIs.
> Do you mean vsi->type = INT?

yes, that's what existing logic does for EXTERN var

>
> >
> > >
> > > Regardless, supporting it properly in the kernel is a better way to go
> > > instead of asking the userspace to move around it.  It is not very
> > > complicated to support it in the kernel also.
> > >
> > > What is the concern of having the kernel to support it?
> >
> > Just more complicated BTF validation logic, which means that there are
> > higher chances of permitting invalid BTF. And then the question is
> > what can the kernel do with those EXTERNs in BTF? Probably nothing.
> > And that .ksyms section is special, and purely libbpf convention.
> > Ideally kernel should not allow EXTERN funcs in any other DATASEC. Are
> > you willing to hard-code ".ksyms" name in kernel for libbpf's sake?
> > Probably not. The general rule, so far, was that kernel shouldn't see
> > any unresolved EXTERN at all. Now it's neither here nor there. EXTERN
> > funcs are ok, EXTERN vars are not.
> Exactly, it is libbpf convention.  The kernel does not need to enforce it.
> The kernel only needs to be able to support the debug info generated by
> llvm and being able to display/dump it later.
>
> There are many other things in the BTF that the kernel does not need to

Curious, what are those many other things?

> know.  It is there for debug purpose which the BTF is used for.  Yes,
> the func call can be discovered by instruction dump.  It is also nice to
> see everything in one ksyms datasec also during btf dump.
>
> If there is a need to strip everything that the kernel does not need
> from the BTF, it can all be stripped in another "--strip-debug" like
> option.

Where does this "--strip-debug" option go? Clang, pahole, or bpftool?
Or am I misunderstanding what you are proposing?

>
> To support EXTERN var, the kernel part should be fine.  I am only not
> sure why it has to change the vs->size and vs->offset in libbpf?

vs->size and vs->offset are adjusted to match int type. Otherwise
kernel BTF validation will complain about DATASEC size mismatch.

>
>
> >
> > >
> > > > If anyone would want to know all the kernel functions that some BPF
> > > > program is using, they could do it from the instruction dump, with
> > > > proper addresses and kernel function names nicely displayed there.
> > > > That's way more useful, IMO.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ