* [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug @ 2023-09-27 4:50 ruowenq2 2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2 2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf 0 siblings, 2 replies; 8+ messages in thread From: ruowenq2 @ 2023-09-27 4:50 UTC (permalink / raw) To: bpf; +Cc: ast, daniel, andrii, jinghao7, keescook, Ruowen Qin From: Ruowen Qin <ruowenq2@illinois.edu> Thanks to Alexei, patch 2/3 and 3/3 from v2 have been upstreamed. v3 primarily addresses scenarios where the compiler lacks ubsan support. There are currently 6 BPF programs in syscall_tp_kern but the array to hold the corresponding bpf_links in syscall_tp_user only has space for 4 programs, given the array size is hardcoded. This causes the sample program to fail due to an out-of-bound access that corrupts other stack variables: # ./syscall_tp prog #0: map ids 4 5 verify map:4 val: 5 map_lookup failed: Bad file descriptor This patch series aims to solve this issue for now and for the future. It first adds the -fsanitize=bounds flag to make similar bugs more obvious at runtime. It then refactors syscall_tp_user to retrieve the number of programs from the bpf_object and dynamically allocate the array of bpf_links to avoid inconsistencies from hardcoding. Changelog: --- v2 -> v3 v2: https://lore.kernel.org/all/20230917214220.637721-1-jinghao7@illinois.edu/ * Address feddback from Alexei * Make the makefile smarter to detect the presence of ubsan in the compiler. v1 -> v2 v1: https://lore.kernel.org/all/20230818164643.97782-1-jinghao@linux.ibm.com/ * Address feedback from Daniel * Add missing NULL check for calloc return value. * Remove the extra operation that sets links pointer to NULL after free. Ruowen Qin (1): samples/bpf: Add -fsanitize=bounds to userspace programs samples/bpf/Makefile | 3 +++ 1 file changed, 3 insertions(+) -- 2.42.0 ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2 @ 2023-09-27 4:50 ` ruowenq2 2023-09-27 11:03 ` Jiri Olsa 2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf 1 sibling, 1 reply; 8+ messages in thread From: ruowenq2 @ 2023-09-27 4:50 UTC (permalink / raw) To: bpf Cc: ast, daniel, andrii, jinghao7, keescook, Ruowen Qin, Mimi Zohar, Jinghao Jia From: Ruowen Qin <ruowenq2@illinois.edu> The sanitizer flag, which is supported by both clang and gcc, would make it easier to debug array index out-of-bounds problems in these programs. Make the Makfile smarter to detect ubsan support from the compiler and add the '-fsanitize=bounds' accordingly. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> --- samples/bpf/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile index 6c707ebcebb9..90af76fa9dd8 100644 --- a/samples/bpf/Makefile +++ b/samples/bpf/Makefile @@ -169,6 +169,9 @@ endif TPROGS_CFLAGS += -Wall -O2 TPROGS_CFLAGS += -Wmissing-prototypes TPROGS_CFLAGS += -Wstrict-prototypes +TPROGS_CFLAGS += $(call try-run,\ + printf "int main() { return 0; }" |\ + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) TPROGS_CFLAGS += -I$(objtree)/usr/include TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ -- 2.42.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2 @ 2023-09-27 11:03 ` Jiri Olsa 2023-09-27 23:19 ` ruowenq2 0 siblings, 1 reply; 8+ messages in thread From: Jiri Olsa @ 2023-09-27 11:03 UTC (permalink / raw) To: ruowenq2 Cc: bpf, ast, daniel, andrii, jinghao7, keescook, Mimi Zohar, Jinghao Jia On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote: > From: Ruowen Qin <ruowenq2@illinois.edu> > > The sanitizer flag, which is supported by both clang and gcc, would make > it easier to debug array index out-of-bounds problems in these programs. > > Make the Makfile smarter to detect ubsan support from the compiler and > add the '-fsanitize=bounds' accordingly. > > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> > Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> > Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> > --- > samples/bpf/Makefile | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile > index 6c707ebcebb9..90af76fa9dd8 100644 > --- a/samples/bpf/Makefile > +++ b/samples/bpf/Makefile > @@ -169,6 +169,9 @@ endif > TPROGS_CFLAGS += -Wall -O2 > TPROGS_CFLAGS += -Wmissing-prototypes > TPROGS_CFLAGS += -Wstrict-prototypes > +TPROGS_CFLAGS += $(call try-run,\ > + printf "int main() { return 0; }" |\ > + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) I haven't checked deeply, but could we use just cc-option? looks simpler TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds) jirka > > TPROGS_CFLAGS += -I$(objtree)/usr/include > TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ > -- > 2.42.0 > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-27 11:03 ` Jiri Olsa @ 2023-09-27 23:19 ` ruowenq2 2023-09-28 8:15 ` Jiri Olsa 0 siblings, 1 reply; 8+ messages in thread From: ruowenq2 @ 2023-09-27 23:19 UTC (permalink / raw) To: Jiri Olsa, bpf, ast, daniel, andrii, jinghao7, keescook, Mimi Zohar, Jinghao Jia On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote: > On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote: > > From: Ruowen Qin <ruowenq2@illinois.edu> > > > > The sanitizer flag, which is supported by both clang and gcc, would make > > it easier to debug array index out-of-bounds problems in these programs. > > > > Make the Makfile smarter to detect ubsan support from the compiler and > > add the '-fsanitize=bounds' accordingly. > > > > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > > Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> > > Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> > > Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> > > --- > > samples/bpf/Makefile | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile > > index 6c707ebcebb9..90af76fa9dd8 100644 > > --- a/samples/bpf/Makefile > > +++ b/samples/bpf/Makefile > > @@ -169,6 +169,9 @@ endif > > TPROGS_CFLAGS += -Wall -O2 > > TPROGS_CFLAGS += -Wmissing-prototypes > > TPROGS_CFLAGS += -Wstrict-prototypes > > +TPROGS_CFLAGS += $(call try-run,\ > > + printf "int main() { return 0; }" |\ > > + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) > > I haven't checked deeply, but could we use just cc-option? looks simpler > > TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds) > > jirka Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way. Ruowen > > > > TPROGS_CFLAGS += -I$(objtree)/usr/include > > TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ > > -- > > 2.42.0 > > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-27 23:19 ` ruowenq2 @ 2023-09-28 8:15 ` Jiri Olsa 2023-09-28 9:19 ` Jinghao Jia 0 siblings, 1 reply; 8+ messages in thread From: Jiri Olsa @ 2023-09-28 8:15 UTC (permalink / raw) To: ruowenq2 Cc: Jiri Olsa, bpf, ast, daniel, andrii, jinghao7, keescook, Mimi Zohar, Jinghao Jia On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote: > > > On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote: > > On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote: > > > From: Ruowen Qin <ruowenq2@illinois.edu> > > > > > > The sanitizer flag, which is supported by both clang and gcc, would make > > > it easier to debug array index out-of-bounds problems in these programs. > > > > > > Make the Makfile smarter to detect ubsan support from the compiler and > > > add the '-fsanitize=bounds' accordingly. > > > > > > Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > > > Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> > > > Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> > > > Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> > > > --- > > > samples/bpf/Makefile | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile > > > index 6c707ebcebb9..90af76fa9dd8 100644 > > > --- a/samples/bpf/Makefile > > > +++ b/samples/bpf/Makefile > > > @@ -169,6 +169,9 @@ endif > > > TPROGS_CFLAGS += -Wall -O2 > > > TPROGS_CFLAGS += -Wmissing-prototypes > > > TPROGS_CFLAGS += -Wstrict-prototypes > > > +TPROGS_CFLAGS += $(call try-run,\ > > > + printf "int main() { return 0; }" |\ > > > + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) > > > > I haven't checked deeply, but could we use just cc-option? looks simpler > > > > TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds) > > > > jirka > > Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way. I see, there's also ld-option, would that work? jirka > > Ruowen > > > > > TPROGS_CFLAGS += -I$(objtree)/usr/include > > > TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ > > > -- > 2.42.0 > > > > > > > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-28 8:15 ` Jiri Olsa @ 2023-09-28 9:19 ` Jinghao Jia 2023-09-28 14:03 ` Jiri Olsa 0 siblings, 1 reply; 8+ messages in thread From: Jinghao Jia @ 2023-09-28 9:19 UTC (permalink / raw) To: Jiri Olsa, ruowenq2 Cc: bpf, ast, daniel, andrii, keescook, Mimi Zohar, Jinghao Jia On 9/28/23 3:15 AM, Jiri Olsa wrote: > On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote: >> >> >> On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote: >>> On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote: >>>> From: Ruowen Qin <ruowenq2@illinois.edu> >>>> >>>> The sanitizer flag, which is supported by both clang and gcc, would make >>>> it easier to debug array index out-of-bounds problems in these programs. >>>> >>>> Make the Makfile smarter to detect ubsan support from the compiler and >>>> add the '-fsanitize=bounds' accordingly. >>>> >>>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> >>>> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> >>>> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> >>>> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> >>>> --- >>>> samples/bpf/Makefile | 3 +++ >>>> 1 file changed, 3 insertions(+) >>>> >>>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile >>>> index 6c707ebcebb9..90af76fa9dd8 100644 >>>> --- a/samples/bpf/Makefile >>>> +++ b/samples/bpf/Makefile >>>> @@ -169,6 +169,9 @@ endif >>>> TPROGS_CFLAGS += -Wall -O2 >>>> TPROGS_CFLAGS += -Wmissing-prototypes >>>> TPROGS_CFLAGS += -Wstrict-prototypes >>>> +TPROGS_CFLAGS += $(call try-run,\ >>>> + printf "int main() { return 0; }" |\ >>>> + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) >>> >>> I haven't checked deeply, but could we use just cc-option? looks simpler >>> >>> TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds) >>> >>> jirka >> >> Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way. > > I see, there's also ld-option, would that work? > > jirka > IMHO I don't think ld-option would solve the problem. It directly sends the flag to the linker but -fsanitize=bounds is a compiler flag, not a linker flag. Basically, what's special about this case is that the feature we want to probe is behind a gcc/clang flag but we do not know whether it is supported until link time (e.g. the sanitizer library is missing on Fedora so we get a link error). --Jinghao >> >> Ruowen >> >>>> > TPROGS_CFLAGS += -I$(objtree)/usr/include >>>> TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ >>>> -- > 2.42.0 >>>> >>>> >>> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs 2023-09-28 9:19 ` Jinghao Jia @ 2023-09-28 14:03 ` Jiri Olsa 0 siblings, 0 replies; 8+ messages in thread From: Jiri Olsa @ 2023-09-28 14:03 UTC (permalink / raw) To: Jinghao Jia Cc: Jiri Olsa, ruowenq2, bpf, ast, daniel, andrii, keescook, Mimi Zohar, Jinghao Jia On Thu, Sep 28, 2023 at 04:19:02AM -0500, Jinghao Jia wrote: > > > On 9/28/23 3:15 AM, Jiri Olsa wrote: > > On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote: > >> > >> > >> On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote: > >>> On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote: > >>>> From: Ruowen Qin <ruowenq2@illinois.edu> > >>>> > >>>> The sanitizer flag, which is supported by both clang and gcc, would make > >>>> it easier to debug array index out-of-bounds problems in these programs. > >>>> > >>>> Make the Makfile smarter to detect ubsan support from the compiler and > >>>> add the '-fsanitize=bounds' accordingly. > >>>> > >>>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com> > >>>> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com> > >>>> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu> > >>>> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu> > >>>> --- > >>>> samples/bpf/Makefile | 3 +++ > >>>> 1 file changed, 3 insertions(+) > >>>> > >>>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile > >>>> index 6c707ebcebb9..90af76fa9dd8 100644 > >>>> --- a/samples/bpf/Makefile > >>>> +++ b/samples/bpf/Makefile > >>>> @@ -169,6 +169,9 @@ endif > >>>> TPROGS_CFLAGS += -Wall -O2 > >>>> TPROGS_CFLAGS += -Wmissing-prototypes > >>>> TPROGS_CFLAGS += -Wstrict-prototypes > >>>> +TPROGS_CFLAGS += $(call try-run,\ > >>>> + printf "int main() { return 0; }" |\ > >>>> + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,) > >>> > >>> I haven't checked deeply, but could we use just cc-option? looks simpler > >>> > >>> TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds) > >>> > >>> jirka > >> > >> Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way. > > > > I see, there's also ld-option, would that work? > > > > jirka > > > > IMHO I don't think ld-option would solve the problem. It directly sends the > flag to the linker but -fsanitize=bounds is a compiler flag, not a linker > flag. > > Basically, what's special about this case is that the feature we want to > probe is behind a gcc/clang flag but we do not know whether it is supported > until link time (e.g. the sanitizer library is missing on Fedora so we get > a link error). ok, I tested on fedora, looks good Acked-by: Jiri Olsa <jolsa@kernel.org> Tested-by: Jiri Olsa <jolsa@kernel.org> thanks, jirka > > --Jinghao > > >> > >> Ruowen > >> > >>>> > TPROGS_CFLAGS += -I$(objtree)/usr/include > >>>> TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ > >>>> -- > 2.42.0 > >>>> > >>>> > >>> ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug 2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2 2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2 @ 2023-09-28 16:40 ` patchwork-bot+netdevbpf 1 sibling, 0 replies; 8+ messages in thread From: patchwork-bot+netdevbpf @ 2023-09-28 16:40 UTC (permalink / raw) To: None; +Cc: bpf, ast, daniel, andrii, jinghao7, keescook Hello: This patch was applied to bpf/bpf-next.git (master) by Andrii Nakryiko <andrii@kernel.org>: On Tue, 26 Sep 2023 23:50:29 -0500 you wrote: > From: Ruowen Qin <ruowenq2@illinois.edu> > > Thanks to Alexei, patch 2/3 and 3/3 from v2 have been upstreamed. v3 > primarily addresses scenarios where the compiler lacks ubsan support. > > There are currently 6 BPF programs in syscall_tp_kern but the array to > hold the corresponding bpf_links in syscall_tp_user only has space for 4 > programs, given the array size is hardcoded. This causes the sample > program to fail due to an out-of-bound access that corrupts other stack > variables: > > [...] Here is the summary with links: - [bpf-next,v3,1/1] samples/bpf: Add -fsanitize=bounds to userspace programs https://git.kernel.org/bpf/bpf-next/c/9e09b75079e2 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-09-28 16:40 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2 2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2 2023-09-27 11:03 ` Jiri Olsa 2023-09-27 23:19 ` ruowenq2 2023-09-28 8:15 ` Jiri Olsa 2023-09-28 9:19 ` Jinghao Jia 2023-09-28 14:03 ` Jiri Olsa 2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox