| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <878s6bdl5a.fsf@toke.dk>
Date: Thu, 25 Mar 2021 21:38:09 +0100
From: Toke Høiland-Jørgensen <toke@...hat.com>
To: Martin KaFai Lau <kafai@...com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
"David S. Miller" <davem@...emloft.net>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Clark Williams <williams@...hat.com>, bpf@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH bpf 2/2] bpf/selftests: test that kernel rejects a TCP
CC with an invalid license
Martin KaFai Lau <kafai@...com> writes:
> On Thu, Mar 25, 2021 at 04:40:34PM +0100, Toke Høiland-Jørgensen wrote:
>> This adds a selftest to check that the verifier rejects a TCP CC struct_ops
>> with a non-GPL license. To save having to add a whole new BPF object just
>> for this, reuse the dctcp CC, but rewrite the license field before loading.
>>
>> Signed-off-by: Toke Høiland-Jørgensen <toke@...hat.com>
>> ---
>> .../selftests/bpf/prog_tests/bpf_tcp_ca.c | 31 +++++++++++++++++++
>> 1 file changed, 31 insertions(+)
>>
>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> index 37c5494a0381..613cf8a00b22 100644
>> --- a/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_tcp_ca.c
>> @@ -227,10 +227,41 @@ static void test_dctcp(void)
>> bpf_dctcp__destroy(dctcp_skel);
>> }
>>
>> +static void test_invalid_license(void)
>> +{
>> + /* We want to check that the verifier refuses to load a non-GPL TCP CC.
>> + * Rather than create a whole new file+skeleton, just reuse an existing
>> + * object and rewrite the license in memory after loading. Sine libbpf
>> + * doesn't expose this, we define a struct that includes the first couple
>> + * of internal fields for struct bpf_object so we can overwrite the right
>> + * bits. Yes, this is a bit of a hack, but it makes the test a lot simpler.
>> + */
>> + struct bpf_object_fragment {
>> + char name[BPF_OBJ_NAME_LEN];
>> + char license[64];
>> + } *obj;
> It is fragile. A new bpf_nogpltcp.c should be created and it does
> not have to be a full tcp-cc. A very minimal implementation with
> only .init. Something like this (uncompiled code):
>
> char _license[] SEC("license") = "X";
>
> void BPF_STRUCT_OPS(nogpltcp_init, struct sock *sk)
> {
> }
>
> SEC(".struct_ops")
> struct tcp_congestion_ops bpf_nogpltcp = {
> .init = (void *)nogpltcp_init,
> .name = "bpf_nogpltcp",
> };
>
> libbpf_set_print() can also be used to look for the
> the verifier log "struct ops programs must have a GPL compatible license".
Ah, thanks for the pointers! Will fix this up as well...
-Toke
Powered by blists - more mailing lists