| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87tu9ob9lk.fsf@toke.dk>
Date: Tue, 17 May 2022 14:57:11 +0200
From: Toke Høiland-Jørgensen <toke@...nel.org>
To: Zhengchao Shao <shaozhengchao@...wei.com>, bpf@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
ast@...nel.org, daniel@...earbox.net, davem@...emloft.net,
kuba@...nel.org, hawk@...nel.org, john.fastabend@...il.com,
andrii@...nel.org, kafai@...com, songliubraving@...com, yhs@...com,
kpsingh@...nel.org
Cc: weiyongjun1@...wei.com, shaozhengchao@...wei.com,
yuehaibing@...wei.com
Subject: Re: [PATCH v2,bpf-next] samples/bpf: check detach prog exist or not
in xdp_fwd
Zhengchao Shao <shaozhengchao@...wei.com> writes:
> Before detach the prog, we should check detach prog exist or not.
>
> Signed-off-by: Zhengchao Shao <shaozhengchao@...wei.com>
> ---
> samples/bpf/xdp_fwd_user.c | 52 +++++++++++++++++++++++++++++++-------
> 1 file changed, 43 insertions(+), 9 deletions(-)
>
> diff --git a/samples/bpf/xdp_fwd_user.c b/samples/bpf/xdp_fwd_user.c
> index 1828487bae9a..2294486ef10a 100644
> --- a/samples/bpf/xdp_fwd_user.c
> +++ b/samples/bpf/xdp_fwd_user.c
> @@ -47,17 +47,51 @@ static int do_attach(int idx, int prog_fd, int map_fd, const char *name)
> return err;
> }
>
> -static int do_detach(int idx, const char *name)
> +static int do_detach(int idx, const char *name, const char *prog_name)
two 'name' arguments is a bit confusing; could we rename the parameters
to 'ifindex', 'ifname' and 'app_name', then use 'prog_name' for the
stack variable below instead of 'namepad'?
> {
> - int err;
> + int err = 1;
> + __u32 info_len, curr_prog_id;
> + struct bpf_prog_info prog_info = {};
> + int prog_fd;
> + char namepad[BPF_OBJ_NAME_LEN];
Reverse x-mas tree, please.
> +
> + if (bpf_xdp_query_id(idx, xdp_flags, &curr_prog_id)) {
> + printf("ERROR: bpf_xdp_query_id failed\n");
strerror(errno) might be nice to add to the error message, so users have
an inkling as to why the call is failing (same below).
> + return err;
> + }
> +
> + if (!curr_prog_id) {
> + printf("ERROR: flags(0x%x) xdp prog is not attached to %s\n",
> + xdp_flags, name);
> + return err;
> + }
>
> - err = bpf_xdp_detach(idx, xdp_flags, NULL);
> - if (err < 0)
> - printf("ERROR: failed to detach program from %s\n", name);
> + info_len = sizeof(prog_info);
> + prog_fd = bpf_prog_get_fd_by_id(curr_prog_id);
> + if (prog_fd < 0 && errno == ENOENT) {
Why the ENOENT check? This should error out regardless of the errno, no?
> + printf("ERROR: bpf_prog_get_fd_by_id failed\n");
strerror(errno)
> + return err;
> + }
> +
> + err = bpf_obj_get_info_by_fd(prog_fd, &prog_info, &info_len);
> + if (err) {
> + printf("ERROR: bpf_obj_get_info_by_fd failed\n");
strerror(errno)
> + return err;
> + }
> + snprintf(namepad, sizeof(namepad), "%s_prog", prog_name);
If the binary somehow gets renamed, this may overflow and you'll end up
without a NULL byte terminating the string. So either check the input
length first, or make sure to set the last byte to '\0' after this
call...
> +
> + if (strcmp(prog_info.name, namepad)) {
> + printf("ERROR: %s isn't attached to %s\n", prog_name, name);
> + } else {
> + err = bpf_xdp_detach(idx, xdp_flags, NULL);
This call should be including an opts struct with the fd obtained above
as the old_prog_fd (so make sure it wasn't swapped out since the check).
> + if (err < 0)
> + printf("ERROR: failed to detach program from %s\n",
> + name);
strerror(errno)
-Toke
Powered by blists - more mailing lists