lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Sep 2021 09:04:21 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Kumar Kartikeya Dwivedi <memxor@...il.com>
Cc:     bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Toke Høiland-Jørgensen <toke@...hat.com>,
        Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next v3 00/10] Support kernel module function calls
 from eBPF

On Tue, Sep 14, 2021 at 10:09 PM Kumar Kartikeya Dwivedi
<memxor@...il.com> wrote:
>
> This set enables kernel module function calls, and also modifies verifier logic
> to permit invalid kernel function calls as long as they are pruned as part of
> dead code elimination. This is done to provide better runtime portability for
> BPF objects, which can conditionally disable parts of code that are pruned later
> by the verifier (e.g. const volatile vars, kconfig options). libbpf
> modifications are made along with kernel changes to support module function
> calls. The set includes gen_loader support for emitting kfunc relocations.
>
> It also converts TCP congestion control objects to use the module kfunc support
> instead of relying on IS_BUILTIN ifdef.
>
> Changelog:
> ----------
> v2 -> v3:
> v2: https://lore.kernel.org/bpf/20210914123750.460750-1-memxor@gmail.com
>
>  * Fix issues pointed out by Kernel Test Robot
>  * Fix find_kfunc_desc to also take offset into consideration when comparing

See [0]:


  [  444.075332] mod kfunc i=42
  [  444.075383] mod kfunc i=42
  [  444.075522] mod kfunc i=42
  [  444.075578] mod kfunc i=42
  [  444.075631] mod kfunc i=42
  [  444.075683] mod kfunc i=42
  [  444.075735] mod kfunc i=42
  [  444.0
This step has been truncated due to its large size. Download the full
logs from the
menu once the workflow run has completed.

  [0] https://github.com/kernel-patches/bpf/runs/3606513281?check_suite_focus=true

>
> RFC v1 -> v2
> v1: https://lore.kernel.org/bpf/20210830173424.1385796-1-memxor@gmail.com
>
>  * Address comments from Alexei
>    * Reuse fd_array instead of introducing kfunc_btf_fds array
>    * Take btf and module reference as needed, instead of preloading
>    * Add BTF_KIND_FUNC relocation support to gen_loader infrastructure
>  * Address comments from Andrii
>    * Drop hashmap in libbpf for finding index of existing BTF in fd_array
>    * Preserve invalid kfunc calls only when the symbol is weak
>  * Adjust verifier selftests
>
> Kumar Kartikeya Dwivedi (10):
>   bpf: Introduce BPF support for kernel module function calls
>   bpf: Be conservative while processing invalid kfunc calls
>   bpf: btf: Introduce helpers for dynamic BTF set registration
>   tools: Allow specifying base BTF file in resolve_btfids
>   bpf: Enable TCP congestion control kfunc from modules
>   bpf: Bump MAX_BPF_STACK size to 768 bytes
>   libbpf: Support kernel module function calls
>   libbpf: Resolve invalid weak kfunc calls with imm = 0, off = 0
>   libbpf: Update gen_loader to emit BTF_KIND_FUNC relocations
>   bpf, selftests: Add basic test for module kfunc call
>
>  include/linux/bpf.h                           |   8 +-
>  include/linux/bpf_verifier.h                  |   2 +
>  include/linux/bpfptr.h                        |   1 +
>  include/linux/btf.h                           |  38 +++
>  include/linux/filter.h                        |   4 +-
>  kernel/bpf/btf.c                              |  56 +++++
>  kernel/bpf/core.c                             |   4 +
>  kernel/bpf/verifier.c                         | 217 +++++++++++++++---
>  kernel/trace/bpf_trace.c                      |   1 +
>  net/bpf/test_run.c                            |   2 +-
>  net/ipv4/bpf_tcp_ca.c                         |  36 +--
>  net/ipv4/tcp_bbr.c                            |  28 ++-
>  net/ipv4/tcp_cubic.c                          |  26 ++-
>  net/ipv4/tcp_dctcp.c                          |  26 ++-
>  scripts/Makefile.modfinal                     |   1 +
>  tools/bpf/resolve_btfids/main.c               |  19 +-
>  tools/lib/bpf/bpf.c                           |   1 +
>  tools/lib/bpf/bpf_gen_internal.h              |  12 +-
>  tools/lib/bpf/gen_loader.c                    |  93 +++++++-
>  tools/lib/bpf/libbpf.c                        |  81 +++++--
>  tools/lib/bpf/libbpf_internal.h               |   1 +
>  tools/testing/selftests/bpf/Makefile          |   1 +
>  .../selftests/bpf/bpf_testmod/bpf_testmod.c   |  23 +-
>  .../selftests/bpf/prog_tests/ksyms_module.c   |  13 +-
>  .../bpf/prog_tests/ksyms_module_libbpf.c      |  18 ++
>  .../selftests/bpf/progs/test_ksyms_module.c   |   9 +
>  .../bpf/progs/test_ksyms_module_libbpf.c      |  35 +++
>  tools/testing/selftests/bpf/verifier/calls.c  |  22 +-
>  .../selftests/bpf/verifier/raw_stack.c        |   4 +-
>  .../selftests/bpf/verifier/stack_ptr.c        |   6 +-
>  .../testing/selftests/bpf/verifier/var_off.c  |   4 +-
>  31 files changed, 673 insertions(+), 119 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/ksyms_module_libbpf.c
>  create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_module_libbpf.c
>
> --
> 2.33.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ