lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20220223012814.1898677-1-connoro@google.com>
Date:   Wed, 23 Feb 2022 01:28:14 +0000
From:   "Connor O'Brien" <connoro@...gle.com>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>
Cc:     Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>,
        Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Shung-Hsi Yu <shung-hsi.yu@...e.com>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
        "Connor O'Brien" <connoro@...gle.com>,
        "Michal Suchánek" <msuchanek@...e.de>
Subject: [PATCH bpf-next] bpf: add config to allow loading modules with BTF mismatches

BTF mismatch can occur for a separately-built module even when the ABI
is otherwise compatible and nothing else would prevent successfully
loading. Add a new config to control how mismatches are handled. By
default, preserve the current behavior of refusing to load the
module. If MODULE_ALLOW_BTF_MISMATCH is enabled, load the module but
ignore its BTF information.

Suggested-by: Yonghong Song <yhs@...com>
Suggested-by: Michal Suchánek <msuchanek@...e.de>
Signed-off-by: Connor O'Brien <connoro@...gle.com>
---
Hello,

In the discussion regarding BTF compatibility & modules, there seemed
to be broad agreement that an option to ignore mismatches would be
reasonable. Currently the only option for handling this problem seems
to be to disable BTF entirely, so this would at least be an
incremental improvement.

Thanks,
Connor

 kernel/bpf/btf.c  |  3 ++-
 lib/Kconfig.debug | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 11740b300de9..1a21f24105b3 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6397,7 +6397,8 @@ static int btf_module_notify(struct notifier_block *nb, unsigned long op,
 			pr_warn("failed to validate module [%s] BTF: %ld\n",
 				mod->name, PTR_ERR(btf));
 			kfree(btf_mod);
-			err = PTR_ERR(btf);
+			if (!IS_ENABLED(CONFIG_MODULE_ALLOW_BTF_MISMATCH))
+				err = PTR_ERR(btf);
 			goto out;
 		}
 		err = btf_alloc_id(btf);
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 1555da672275..ff857bb7d633 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -339,6 +339,16 @@ config DEBUG_INFO_BTF_MODULES
 	help
 	  Generate compact split BTF type information for kernel modules.
 
+config MODULE_ALLOW_BTF_MISMATCH
+	bool "Allow loading modules with non-matching BTF type info"
+	depends on DEBUG_INFO_BTF_MODULES
+	help
+	  For modules whose split BTF does not match vmlinux, load without
+	  BTF rather than refusing to load. The default behavior with
+	  module BTF enabled is to reject modules with such mismatches;
+	  this option will still load module BTF where possible but ignore
+	  it when a mismatch is found.
+
 config GDB_SCRIPTS
 	bool "Provide GDB scripts for kernel debugging"
 	help
-- 
2.35.1.473.g83b2b277ed-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ