From: Richard Palethorpe <rpalethorpe@suse.de>
To: Joerg Vehlow <lkml@jv-coder.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 4/4] bpf_prog05: Drop CAP_BPF and check if ptr arithmetic is allowed
Date: Tue, 11 Jan 2022 14:36:29 +0000 [thread overview]
Message-ID: <875yqq1fo7.fsf@suse.de> (raw)
In-Reply-To: <7cf81226-52ca-5016-5041-ce12b93b534f@jv-coder.de>
Hello Joerg,
Joerg Vehlow <lkml@jv-coder.de> writes:
> Hi Richard,
>
> Am 8/31/2021 um 11:10 AM schrieb Richard Palethorpe via ltp:
>> On older kernels pointer arithmetic requires CAP_BPF. They also lack
>> the ability to call BPF subprogs. This makes it difficult to exploit
>> the div/mod behavior.
>> Older kernels leave div/mod by zero undefined. This causes the test
>> to
>> fail and backporting the new behavior is difficult. So when we find
>> that pointer arithmetic is not possible without CAP_BPF we can return
>> TCONF. Because in this case, we know the test will fail, the risk is
>> limited and there is little that can be done about it.
>
> What does older kernel mean here?
I'm refering to multiple different kernel versions (perhaps
confusingly). On much older kernels we don't have any issues because
pointer arithmetic was not possible in sensitive contexts.
Then it was made possible, but div/mod by zero was undefined. Then that
was fixed, but IIRC there were other issues. Depending on what commits
you have, any number of outcomes are possible.
>
>> +
>> + if (ret != -1)
>> + tst_brk(TBROK, "Invalid bpf() return value: %d", ret);
>> +
>> + if (log[0] != 0)
>> + tst_brk(TCONF | TERRNO, "No pointer arithmetic:\n %s", log);
> This check now fails for me with the following output, where the test
> was successful, before this patch. The kernel is a non-standard suse
> 5.3.18 with realtime patches.
>
> bpf_prog05.c:100: TCONF: No pointer arithmetic:
> 0: (bf) r2 = r10
> 1: (b7) r3 = -1
> 2: (0f) r2 += r3
> 3: (72) *(u8 *)(r2 +0) = 0
> 4: (b7) r0 = 0
> 5: (95) exit
>
> from 2 to 3 (speculative execution): R1=ctx(id=0,off=0,imm=0) R2_w=fp0
> R3_w=invP-1 R10=fp0
> 3: (72) *(u8 *)(r2 +0) = 0
> invalid stack off=0 size=1
> processed 7 insns (limit 1000000) max_states_per_insn 0 total_states 0
> peak_states 0 mark_read 0
> : EACCES (13)
>
>
> Is this too old? But then again, the test was successful before this
> patch and your commit message states, that it was not successful on
> "older kernels".
Are you testing on ARM? eBPF adopted the ARM behavior when dividing by
zero.
--
Thank you,
Richard.
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2022-01-11 15:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-27 5:13 [LTP] [PATCH 1/3] bpf: Print full verification log Richard Palethorpe
2021-08-27 5:13 ` [LTP] [PATCH 2/3] bpf: Mention CAP_BPF in required privs and add fallback definition Richard Palethorpe
2021-08-27 5:13 ` [LTP] [PATCH 3/3] bpf_prog05: Drop CAP_BPF and check if ptr arithmetic is allowed Richard Palethorpe
2021-08-30 15:23 ` [LTP] [PATCH 1/3] bpf: Print full verification log Cyril Hrubis
2021-08-31 9:10 ` [LTP] [PATCH v2 1/4] API: Add tst_printf to avoid specifying the output FD in tests Richard Palethorpe
2021-08-31 9:10 ` [LTP] [PATCH v2 2/4] bpf: Print full verification log Richard Palethorpe
2021-08-31 9:51 ` Cyril Hrubis
2021-08-31 9:10 ` [LTP] [PATCH v2 3/4] bpf: Mention CAP_BPF in required privs and add fallback definition Richard Palethorpe
2021-08-31 9:10 ` [LTP] [PATCH v2 4/4] bpf_prog05: Drop CAP_BPF and check if ptr arithmetic is allowed Richard Palethorpe
2022-01-11 10:42 ` Joerg Vehlow
2022-01-11 14:36 ` Richard Palethorpe [this message]
2022-01-12 6:55 ` Joerg Vehlow
2022-01-13 7:48 ` Richard Palethorpe
2022-01-14 6:51 ` Joerg Vehlow
2022-01-17 15:11 ` Richard Palethorpe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875yqq1fo7.fsf@suse.de \
--to=rpalethorpe@suse.de \
--cc=lkml@jv-coder.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox