lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAADnVQJpCe9e2Qrnsaj4+ab47z00-bEYyHhN_mmpCh4+9i17vQ@mail.gmail.com>
Date: Fri, 29 Sep 2023 14:06:10 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Matt Bobrowski <mattbobrowski@...gle.com>
Cc: Toke Høiland-Jørgensen <toke@...hat.com>, 
	Daniel Borkmann <daniel@...earbox.net>, Alexei Starovoitov <ast@...nel.org>, Martin KaFai Lau <kafai@...com>, 
	Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, 
	Marek Majkowski <marek@...udflare.com>, Lorenz Bauer <lmb@...udflare.com>, 
	Alan Maguire <alan.maguire@...cle.com>, Jesper Dangaard Brouer <brouer@...hat.com>, 
	David Miller <davem@...emloft.net>, Network Development <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: bpf indirect calls

On Wed, Sep 27, 2023 at 6:27 AM Matt Bobrowski <mattbobrowski@...gle.com> wrote:
>
>
> static void testing(void) {
>   bpf_printk("testing");
> }
>
> struct iter_ctx {
>   void (*f) (void);
> };
> static u64 iter_callback(struct bpf_map *map, u32 *key,
>                          u64 *value, struct iter_ctx *ctx) {
>   if (ctx->f) {
>     ctx->f();
>   }
>   return 0;
> }
>
> SEC("lsm.s/file_open")
> int BPF_PROG(file_open, struct file *file)
> {
>   struct iter_ctx iter_ctx = {
>     .f = testing,
>   };
>   bpf_for_each_map_elem(&map, iter_callback, &iter_ctx, 0);
>   return 0;
> }
> ```
...
> The fundamental difference between the two call instructions if I'm
> not mistaken is that one attempts to perform a call using an immediate
> value as its source operand, whereas the other attempts to perform a
> call using a source register as its source operand. AFAIU, the latter
> is not currently permitted by the BPF verifier. Is that right?

Correct. Indirect calls via 'callx' instruction are not supported yet.
Please use bpf_tail_call() as a workaround for now.

Over the years the verifier became progressively smarter and maybe
now is a good time to support true indirect calls.
For certain cases like your example above it's relatively easy
to add such support, but before we do that please describe
the full use case that you wanted to implement with indirect calls.

Powered by blists - more mailing lists