lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Mar 2021 16:02:27 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Martin KaFai Lau <kafai@...com>
Cc:     bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Kernel Team <kernel-team@...com>,
        Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next 02/15] bpf: btf: Support parsing extern func

On Fri, Mar 19, 2021 at 3:45 PM Martin KaFai Lau <kafai@...com> wrote:
>
> On Fri, Mar 19, 2021 at 03:29:57PM -0700, Andrii Nakryiko wrote:
> > On Fri, Mar 19, 2021 at 3:19 PM Martin KaFai Lau <kafai@...com> wrote:
> > >
> > > On Fri, Mar 19, 2021 at 02:27:13PM -0700, Andrii Nakryiko wrote:
> > > > On Thu, Mar 18, 2021 at 10:29 PM Martin KaFai Lau <kafai@...com> wrote:
> > > > >
> > > > > On Thu, Mar 18, 2021 at 09:13:56PM -0700, Andrii Nakryiko wrote:
> > > > > > On Thu, Mar 18, 2021 at 4:39 PM Martin KaFai Lau <kafai@...com> wrote:
> > > > > > >
> > > > > > > On Thu, Mar 18, 2021 at 03:53:38PM -0700, Andrii Nakryiko wrote:
> > > > > > > > On Tue, Mar 16, 2021 at 12:01 AM Martin KaFai Lau <kafai@...com> wrote:
> > > > > > > > >
> > > > > > > > > This patch makes BTF verifier to accept extern func. It is used for
> > > > > > > > > allowing bpf program to call a limited set of kernel functions
> > > > > > > > > in a later patch.
> > > > > > > > >
> > > > > > > > > When writing bpf prog, the extern kernel function needs
> > > > > > > > > to be declared under a ELF section (".ksyms") which is
> > > > > > > > > the same as the current extern kernel variables and that should
> > > > > > > > > keep its usage consistent without requiring to remember another
> > > > > > > > > section name.
> > > > > > > > >
> > > > > > > > > For example, in a bpf_prog.c:
> > > > > > > > >
> > > > > > > > > extern int foo(struct sock *) __attribute__((section(".ksyms")))
> > > > > > > > >
> > > > > > > > > [24] FUNC_PROTO '(anon)' ret_type_id=15 vlen=1
> > > > > > > > >         '(anon)' type_id=18
> > > > > > > > > [25] FUNC 'foo' type_id=24 linkage=extern
> > > > > > > > > [ ... ]
> > > > > > > > > [33] DATASEC '.ksyms' size=0 vlen=1
> > > > > > > > >         type_id=25 offset=0 size=0
> > > > > > > > >
> > > > > > > > > LLVM will put the "func" type into the BTF datasec ".ksyms".
> > > > > > > > > The current "btf_datasec_check_meta()" assumes everything under
> > > > > > > > > it is a "var" and ensures it has non-zero size ("!vsi->size" test).
> > > > > > > > > The non-zero size check is not true for "func".  This patch postpones the
> > > > > > > > > "!vsi-size" test from "btf_datasec_check_meta()" to
> > > > > > > > > "btf_datasec_resolve()" which has all types collected to decide
> > > > > > > > > if a vsi is a "var" or a "func" and then enforce the "vsi->size"
> > > > > > > > > differently.
> > > > > > > > >
> > > > > > > > > If the datasec only has "func", its "t->size" could be zero.
> > > > > > > > > Thus, the current "!t->size" test is no longer valid.  The
> > > > > > > > > invalid "t->size" will still be caught by the later
> > > > > > > > > "last_vsi_end_off > t->size" check.   This patch also takes this
> > > > > > > > > chance to consolidate other "t->size" tests ("vsi->offset >= t->size"
> > > > > > > > > "vsi->size > t->size", and "t->size < sum") into the existing
> > > > > > > > > "last_vsi_end_off > t->size" test.
> > > > > > > > >
> > > > > > > > > The LLVM will also put those extern kernel function as an extern
> > > > > > > > > linkage func in the BTF:
> > > > > > > > >
> > > > > > > > > [24] FUNC_PROTO '(anon)' ret_type_id=15 vlen=1
> > > > > > > > >         '(anon)' type_id=18
> > > > > > > > > [25] FUNC 'foo' type_id=24 linkage=extern
> > > > > > > > >
> > > > > > > > > This patch allows BTF_FUNC_EXTERN in btf_func_check_meta().
> > > > > > > > > Also extern kernel function declaration does not
> > > > > > > > > necessary have arg name. Another change in btf_func_check() is
> > > > > > > > > to allow extern function having no arg name.
> > > > > > > > >
> > > > > > > > > The btf selftest is adjusted accordingly.  New tests are also added.
> > > > > > > > >
> > > > > > > > > The required LLVM patch: https://reviews.llvm.org/D93563
> > > > > > > > >
> > > > > > > > > Signed-off-by: Martin KaFai Lau <kafai@...com>
> > > > > > > > > ---
> > > > > > > >
> > > > > > > > High-level question about EXTERN functions in DATASEC. Does kernel
> > > > > > > > need to see them under DATASEC? What if libbpf just removed all EXTERN
> > > > > > > > funcs from under DATASEC and leave them as "free-floating" EXTERN
> > > > > > > > FUNCs in BTF.
> > > > > > > >
> > > > > > > > We need to tag EXTERNs with DATASECs mainly for libbpf to know whether
> > > > > > > > it's .kconfig or .ksym or other type of externs. Does kernel need to
> > > > > > > > care?
> > > > > > > Although the kernel does not need to know, since the a legit llvm generates it,
> > > > > > > I go with a proper support in the kernel (e.g. bpftool btf dump can better
> > > > > > > reflect what was there).
> > > > > >
> > > > > > LLVM also generates extern VAR with BTF_VAR_EXTERN, yet libbpf is
> > > > > > replacing it with fake INTs.
> > > > > Yep. I noticed the loop in collect_extern() in libbpf.
> > > > > It replaces the var->type with INT.
> > > > >
> > > > > > We could do just that here as well.
> > > > > What to replace in the FUNC case?
> > > >
> > > > if we do that, I'd just replace them with same INTs. Or we can just
> > > > remove the entire DATASEC. Now it is easier to do with BTF write APIs.
> > > > Back then it was a major pain. I'd probably get rid of DATASEC
> > > > altogether instead of that INT replacement, if I had BTF write APIs.
> > > Do you mean vsi->type = INT?
> >
> > yes, that's what existing logic does for EXTERN var
> There may be no var.
>

sure, but we have btf__add_var(), if we really want VAR ;)

> >
> > >
> > > >
> > > > >
> > > > > Regardless, supporting it properly in the kernel is a better way to go
> > > > > instead of asking the userspace to move around it.  It is not very
> > > > > complicated to support it in the kernel also.
> > > > >
> > > > > What is the concern of having the kernel to support it?
> > > >
> > > > Just more complicated BTF validation logic, which means that there are
> > > > higher chances of permitting invalid BTF. And then the question is
> > > > what can the kernel do with those EXTERNs in BTF? Probably nothing.
> > > > And that .ksyms section is special, and purely libbpf convention.
> > > > Ideally kernel should not allow EXTERN funcs in any other DATASEC. Are
> > > > you willing to hard-code ".ksyms" name in kernel for libbpf's sake?
> > > > Probably not. The general rule, so far, was that kernel shouldn't see
> > > > any unresolved EXTERN at all. Now it's neither here nor there. EXTERN
> > > > funcs are ok, EXTERN vars are not.
> > > Exactly, it is libbpf convention.  The kernel does not need to enforce it.
> > > The kernel only needs to be able to support the debug info generated by
> > > llvm and being able to display/dump it later.
> > >
> > > There are many other things in the BTF that the kernel does not need to
> >
> > Curious, what are those many other things?
> VAR '_license'.
> deeper things could be STRUCT 'tcp_congestion_ops' and the types under it.
>

kernel is aware of DATASEC in general, it validates variable sizes and
offsets, and datasec size itself. DATASEC can be assigned as
value_type_id for maps. So I guess technically you are correct that it
doesn't care about VAR _license specifically, but it has to care about
DATASEC/VARs in general. Same applies to STRUCT 'tcp_congestion_ops'.

I'm fine with extending the kernel with EXTERN funcs, btw. I just
don't think it's necessary. But then also let's support EXTERN vars
for consistency.

> >
> > > know.  It is there for debug purpose which the BTF is used for.  Yes,
> > > the func call can be discovered by instruction dump.  It is also nice to
> > > see everything in one ksyms datasec also during btf dump.
> > >
> > > If there is a need to strip everything that the kernel does not need
> > > from the BTF, it can all be stripped in another "--strip-debug" like
> > > option.
> >
> > Where does this "--strip-debug" option go? Clang, pahole, or bpftool?
> > Or am I misunderstanding what you are proposing?
> Could be a libbpf option during load? or it can be done during gen skel?

libbpf already sanitizes BTF removing and adjusting BTF information
(e.g., DATASEC sizes). So that's happening automatically. I wasn't
sure what that new stripping option would do, which is why I asked.

>
> >
> > >
> > > To support EXTERN var, the kernel part should be fine.  I am only not
> > > sure why it has to change the vs->size and vs->offset in libbpf?
> >
> > vs->size and vs->offset are adjusted to match int type. Otherwise
> > kernel BTF validation will complain about DATASEC size mismatch.
> make sense. so if there is no need to replace it with INT,
> they can be left as is?

If kernel start supporting EXTERN vars, yes, we won't need to touch
it. But of course to support older kernels libbpf will still have to
do this. EXTERN vars won't reduce the amount of libbpf logic.

>
> >
> > >
> > >
> > > >
> > > > >
> > > > > > If anyone would want to know all the kernel functions that some BPF
> > > > > > program is using, they could do it from the instruction dump, with
> > > > > > proper addresses and kernel function names nicely displayed there.
> > > > > > That's way more useful, IMO.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ