From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>, Andrii Nakryiko <andriin@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
Jiri Olsa <jolsa@redhat.com>,
Eelco Chaudron <echaudro@redhat.com>,
KP Singh <kpsingh@chromium.org>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH bpf-next v7 01/10] bpf: disallow attaching modify_return tracing functions to other BPF programs
Date: Tue, 22 Sep 2020 11:52:16 +0200 [thread overview]
Message-ID: <87r1qup29b.fsf@toke.dk> (raw)
In-Reply-To: <CAEf4Bzbb5gt7KgmfXM6FiC750GjxL23XO4GPnVHFgCGaMTuDCg@mail.gmail.com>
Andrii Nakryiko <andrii.nakryiko@gmail.com> writes:
> On Sat, Sep 19, 2020 at 4:50 AM Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>>
>> From: Toke Høiland-Jørgensen <toke@redhat.com>
>>
>> From the checks and commit messages for modify_return, it seems it was
>> never the intention that it should be possible to attach a tracing program
>> with expected_attach_type == BPF_MODIFY_RETURN to another BPF program.
>> However, check_attach_modify_return() will only look at the function name,
>> so if the target function starts with "security_", the attach will be
>> allowed even for bpf2bpf attachment.
>>
>> Fix this oversight by also blocking the modification if a target program is
>> supplied.
>>
>> Fixes: 18644cec714a ("bpf: Fix use-after-free in fmod_ret check")
>> Fixes: 6ba43b761c41 ("bpf: Attachment verification for BPF_MODIFY_RETURN")
>> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
>> ---
>> kernel/bpf/verifier.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index 4161b6c406bc..cb1b0f9fd770 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -11442,7 +11442,7 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
>> prog->aux->attach_func_name);
>> } else if (prog->expected_attach_type == BPF_MODIFY_RETURN) {
>> ret = check_attach_modify_return(prog, addr);
>> - if (ret)
>> + if (ret || tgt_prog)
>
> can you please do it as a separate check with a more appropriate and
> meaningful message?
Heh, okay, maybe I was being a bit too lazy here ;)
-Toke
next prev parent reply other threads:[~2020-09-22 9:52 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-19 11:49 [PATCH bpf-next v7 00/10] bpf: Support multi-attach for freplace programs Toke Høiland-Jørgensen
2020-09-19 11:49 ` [PATCH bpf-next v7 01/10] bpf: disallow attaching modify_return tracing functions to other BPF programs Toke Høiland-Jørgensen
2020-09-21 22:39 ` Andrii Nakryiko
2020-09-22 9:52 ` Toke Høiland-Jørgensen [this message]
2020-09-19 11:49 ` [PATCH bpf-next v7 02/10] bpf: change logging calls from verbose() to bpf_log() and use log pointer Toke Høiland-Jørgensen
2020-09-19 11:49 ` [PATCH bpf-next v7 03/10] bpf: verifier: refactor check_attach_btf_id() Toke Høiland-Jørgensen
2020-09-21 23:05 ` Andrii Nakryiko
2020-09-22 10:14 ` Toke Høiland-Jørgensen
2020-09-22 11:16 ` Toke Høiland-Jørgensen
2020-09-22 16:28 ` Andrii Nakryiko
2020-09-22 17:41 ` Toke Høiland-Jørgensen
2020-09-19 11:49 ` [PATCH bpf-next v7 04/10] bpf: move prog->aux->linked_prog and trampoline into bpf_link on attach Toke Høiland-Jørgensen
2020-09-21 23:05 ` Andrii Nakryiko
2020-09-22 10:17 ` Toke Høiland-Jørgensen
2020-09-22 16:45 ` Andrii Nakryiko
2020-09-22 17:48 ` Toke Høiland-Jørgensen
2020-09-19 11:49 ` [PATCH bpf-next v7 05/10] bpf: support attaching freplace programs to multiple attach points Toke Høiland-Jørgensen
2020-09-21 23:08 ` Andrii Nakryiko
2020-09-19 11:49 ` [PATCH bpf-next v7 06/10] bpf: Fix context type resolving for extension programs Toke Høiland-Jørgensen
2020-09-21 23:09 ` Andrii Nakryiko
2020-09-19 11:49 ` [PATCH bpf-next v7 07/10] libbpf: add support for freplace attachment in bpf_link_create Toke Høiland-Jørgensen
2020-09-21 23:18 ` Andrii Nakryiko
2020-09-19 11:49 ` [PATCH bpf-next v7 08/10] selftests: add test for multiple attachments of freplace program Toke Høiland-Jørgensen
2020-09-21 23:21 ` Andrii Nakryiko
2020-09-19 11:49 ` [PATCH bpf-next v7 09/10] selftests/bpf: Adding test for arg dereference in extension trace Toke Høiland-Jørgensen
2020-09-19 11:49 ` [PATCH bpf-next v7 10/10] selftests: Add selftest for disallowing modify_return attachment to freplace Toke Høiland-Jørgensen
2020-09-21 23:25 ` Andrii Nakryiko
2020-09-21 23:26 ` [PATCH bpf-next v7 00/10] bpf: Support multi-attach for freplace programs Andrii Nakryiko
2020-09-22 9:48 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1qup29b.fsf@toke.dk \
--to=toke@redhat.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=echaudro@redhat.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@redhat.com \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.