public inbox for netdev@vger.kernel.org 
From: "Toke Høiland-Jørgensen" <toke@redhat•com>
To: Andrii Nakryiko <andrii.nakryiko@gmail•com>
Cc: Alexei Starovoitov <ast@kernel•org>,
	Daniel Borkmann <daniel@iogearbox•net>,
	Martin KaFai Lau <kafai@fb•com>, Song Liu <songliubraving@fb•com>,
	Yonghong Song <yhs@fb•com>, Andrii Nakryiko <andriin@fb•com>,
	John Fastabend <john.fastabend@gmail•com>,
	Jiri Olsa <jolsa@redhat•com>,
	Eelco Chaudron <echaudro@redhat•com>,
	KP Singh <kpsingh@chromium•org>,
	Networking <netdev@vger•kernel.org>, bpf <bpf@vger•kernel.org>
Subject: Re: [PATCH bpf-next v7 01/10] bpf: disallow attaching modify_return tracing functions to other BPF programs
Date: Tue, 22 Sep 2020 11:52:16 +0200
Message-ID: <87r1qup29b.fsf@toke.dk>
In-Reply-To: <CAEf4Bzbb5gt7KgmfXM6FiC750GjxL23XO4GPnVHFgCGaMTuDCg@mail.gmail.com>

Andrii Nakryiko <andrii.nakryiko@gmail•com> writes:

> On Sat, Sep 19, 2020 at 4:50 AM Toke Høiland-Jørgensen <toke@redhat•com> wrote:
>>
>> From: Toke Høiland-Jørgensen <toke@redhat•com>
>>
>> From the checks and commit messages for modify_return, it seems it was
>> never the intention that it should be possible to attach a tracing program
>> with expected_attach_type == BPF_MODIFY_RETURN to another BPF program.
>> However, check_attach_modify_return() will only look at the function name,
>> so if the target function starts with "security_", the attach will be
>> allowed even for bpf2bpf attachment.
>>
>> Fix this oversight by also blocking the modification if a target program is
>> supplied.
>>
>> Fixes: 18644cec714a ("bpf: Fix use-after-free in fmod_ret check")
>> Fixes: 6ba43b761c41 ("bpf: Attachment verification for BPF_MODIFY_RETURN")
>> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat•com>
>> ---
>>  kernel/bpf/verifier.c |    2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index 4161b6c406bc..cb1b0f9fd770 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -11442,7 +11442,7 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
>>                                         prog->aux->attach_func_name);
>>                 } else if (prog->expected_attach_type == BPF_MODIFY_RETURN) {
>>                         ret = check_attach_modify_return(prog, addr);
>> -                       if (ret)
>> +                       if (ret || tgt_prog)
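Review bot: In the changed condition "if (ret || tgt_prog)", the branch is now entered with ret == 0 whenever check_attach_modify_return() succeeds but a target program is supplied. The body of the branch is not shown in this hunk, so confirm that it assigns an error code to ret on that path; if it only logs, the attach would still go through and the fix would have no effect. Folding both cases into one condition also means the bpf2bpf rejection reuses whatever message the existing error path prints about the function name. Consider testing tgt_prog first as its own check, before calling check_attach_modify_return(), with an explicit error return and a log message stating that BPF_MODIFY_RETURN programs cannot be attached to other BPF programs.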
>
> can you please do it as a separate check with a more appropriate and
> meaningful message?

Heh, okay, maybe I was being a bit too lazy here ;)

-Toke

