lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 15 Aug 2022 14:59:50 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Quentin Monnet <quentin@...valent.com>
Cc:     Hangbin Liu <liuhangbin@...il.com>, netdev@...r.kernel.org,
        Andrii Nakryiko <andrii@...nel.org>,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Stanislav Fomichev <sdf@...gle.com>,
        Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
        bpf@...r.kernel.org
Subject: Re: [PATCHv2 bpf-next] libbpf: making bpf_prog_load() ignore name if
 kernel doesn't support

On Mon, Aug 15, 2022 at 8:36 AM Quentin Monnet <quentin@...valent.com> wrote:
>
> On 13/08/2022 01:09, Hangbin Liu wrote:
> > Similar with commit 10b62d6a38f7 ("libbpf: Add names for auxiliary maps"),
> > let's make bpf_prog_load() also ignore name if kernel doesn't support
> > program name.
> >
> > To achieve this, we need to call sys_bpf_prog_load() directly in
> > probe_kern_prog_name() to avoid circular dependency. sys_bpf_prog_load()
> > also need to be exported in the libbpf_internal.h file.
> >
> > Signed-off-by: Hangbin Liu <liuhangbin@...il.com>
> > ---
> > v2: move sys_bpf_prog_load definition to libbpf_internal.h. memset attr
> >     to 0 specifically to aviod padding.
> > ---
> >  tools/lib/bpf/bpf.c             |  6 ++----
> >  tools/lib/bpf/libbpf.c          | 12 ++++++++++--
> >  tools/lib/bpf/libbpf_internal.h |  3 +++
> >  3 files changed, 15 insertions(+), 6 deletions(-)
> >
> > diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
> > index 6a96e665dc5d..575867d69496 100644
> > --- a/tools/lib/bpf/bpf.c
> > +++ b/tools/lib/bpf/bpf.c
> > @@ -84,9 +84,7 @@ static inline int sys_bpf_fd(enum bpf_cmd cmd, union bpf_attr *attr,
> >       return ensure_good_fd(fd);
> >  }
> >
> > -#define PROG_LOAD_ATTEMPTS 5
> > -
> > -static inline int sys_bpf_prog_load(union bpf_attr *attr, unsigned int size, int attempts)
> > +int sys_bpf_prog_load(union bpf_attr *attr, unsigned int size, int attempts)
> >  {
> >       int fd;
> >
> > @@ -263,7 +261,7 @@ int bpf_prog_load(enum bpf_prog_type prog_type,
> >       attr.prog_ifindex = OPTS_GET(opts, prog_ifindex, 0);
> >       attr.kern_version = OPTS_GET(opts, kern_version, 0);
> >
> > -     if (prog_name)
> > +     if (prog_name && kernel_supports(NULL, FEAT_PROG_NAME))
> >               libbpf_strlcpy(attr.prog_name, prog_name, sizeof(attr.prog_name));
> >       attr.license = ptr_to_u64(license);
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index 3f01f5cd8a4c..4a351897bdcc 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -4419,10 +4419,18 @@ static int probe_kern_prog_name(void)
> >               BPF_MOV64_IMM(BPF_REG_0, 0),
> >               BPF_EXIT_INSN(),
> >       };
> > -     int ret, insn_cnt = ARRAY_SIZE(insns);
> > +     union bpf_attr attr;
> > +     int ret;
> > +
> > +     memset(&attr, 0, sizeof(attr));
> > +     attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
> > +     attr.license = ptr_to_u64("GPL");
> > +     attr.insns = ptr_to_u64(insns);
> > +     attr.insn_cnt = (__u32)ARRAY_SIZE(insns);
> > +     libbpf_strlcpy(attr.prog_name, "test", sizeof(attr.prog_name));
> >
> >       /* make sure loading with name works */
> > -     ret = bpf_prog_load(BPF_PROG_TYPE_SOCKET_FILTER, "test", "GPL", insns, insn_cnt, NULL);
> > +     ret = sys_bpf_prog_load(&attr, sizeof(attr), PROG_LOAD_ATTEMPTS);
> >       return probe_fd(ret);
> >  }
> >
> > diff --git a/tools/lib/bpf/libbpf_internal.h b/tools/lib/bpf/libbpf_internal.h
> > index 4135ae0a2bc3..377642ff51fc 100644
> > --- a/tools/lib/bpf/libbpf_internal.h
> > +++ b/tools/lib/bpf/libbpf_internal.h
> > @@ -573,4 +573,7 @@ static inline bool is_pow_of_2(size_t x)
> >       return x && (x & (x - 1)) == 0;
> >  }
> >
> > +#define PROG_LOAD_ATTEMPTS 5
> > +int sys_bpf_prog_load(union bpf_attr *attr, unsigned int size, int attempts);
> > +
> >  #endif /* __LIBBPF_LIBBPF_INTERNAL_H */
>
> Looks good to me, thanks!
>
> Acked-by: Quentin Monnet <quentin@...valent.com>

I did a small adjustment to not fill out entire big bpf_attr union
completely (and added a bit more meaningful "libbpf_nametest" prog
name):

$ git diff --staged
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 4a351897bdcc..f05dd61a8a7f 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -4415,6 +4415,7 @@ static int probe_fd(int fd)

 static int probe_kern_prog_name(void)
 {
+       const size_t attr_sz = offsetofend(union bpf_attr, prog_name);
        struct bpf_insn insns[] = {
                BPF_MOV64_IMM(BPF_REG_0, 0),
                BPF_EXIT_INSN(),
@@ -4422,12 +4423,12 @@ static int probe_kern_prog_name(void)
        union bpf_attr attr;
        int ret;

-       memset(&attr, 0, sizeof(attr));
+       memset(&attr, 0, attr_sz);
        attr.prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
        attr.license = ptr_to_u64("GPL");
        attr.insns = ptr_to_u64(insns);
        attr.insn_cnt = (__u32)ARRAY_SIZE(insns);
-       libbpf_strlcpy(attr.prog_name, "test", sizeof(attr.prog_name));
+       libbpf_strlcpy(attr.prog_name, "libbpf_nametest",
sizeof(attr.prog_name));

Pushed to bpf-next, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ