From patchwork Thu Jul 13 02:56:39 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13311222
X-Patchwork-Delegate: bpf@iogearbox.net
From: Yafang Shao
To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org
Cc: bpf@vger.kernel.org, Yafang Shao
Subject: [PATCH v2 bpf-next 1/4] bpf: Fix an error around PTR_UNTRUSTED
Date: Thu, 13 Jul 2023 02:56:39 +0000
Message-Id: <20230713025642.27477-2-laoar.shao@gmail.com>
In-Reply-To: <20230713025642.27477-1-laoar.shao@gmail.com>
References: <20230713025642.27477-1-laoar.shao@gmail.com>

Per discussion with Alexei, the PTR_UNTRUSTED flag should not be cleared when we start to walk a new struct, because the struct in question may be a struct nested in a union. We should also check and set this flag before we walk each of its members, in case it is itself a union. We will clear this flag if the field is BTF_TYPE_SAFE_RCU_OR_NULL.

Fixes: 6fcd486b3a0a ("bpf: Refactor RCU enforcement in the verifier.")
Signed-off-by: Yafang Shao
---
 kernel/bpf/btf.c | 20 +++++++++-----------
 kernel/bpf/verifier.c | 5 +++++
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 3dd47451f097..fae6fc24a845 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c
@@ -6133,7 +6133,6 @@ static int btf_struct_walk(struct bpf_verifier_log *log, const struct btf *btf, const char *tname, *mname, *tag_value; u32 vlen, elem_id, mid; - *flag = 0; again: if (btf_type_is_modifier(t)) t = btf_type_skip_modifiers(btf, t->type, NULL); @@ -6144,6 +6143,14 @@ static int btf_struct_walk(struct bpf_verifier_log *log, const struct btf *btf, } vlen = btf_type_vlen(t); + if (BTF_INFO_KIND(t->info) == BTF_KIND_UNION && vlen != 1 && !(*flag & PTR_UNTRUSTED)) + /* + * walking unions yields untrusted pointers + * with exception of __bpf_md_ptr and other + * unions with a single member + */ + *flag |= PTR_UNTRUSTED; + if (off + size > t->size) { /* If the last element is a variable size array, we may * need to relax the rule. @@ -6304,15 +6311,6 @@ static int btf_struct_walk(struct bpf_verifier_log *log, const struct btf *btf, * of this field or inside of this struct */ if (btf_type_is_struct(mtype)) { - if (BTF_INFO_KIND(mtype->info) == BTF_KIND_UNION && - btf_type_vlen(mtype) != 1) - /* - * walking unions yields untrusted pointers - * with exception of __bpf_md_ptr and other - * unions with a single member - */ - *flag |= PTR_UNTRUSTED; - /* our field must be inside that union or struct */ t = mtype; @@ -6478,7 +6476,7 @@ bool btf_struct_ids_match(struct bpf_verifier_log *log, bool strict) { const struct btf_type *type; - enum bpf_type_flag flag; + enum bpf_type_flag flag = 0; int err; /* Are we already done? */ diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 81a93eeac7a0..584eb34dce8a 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c 
@@ -6067,6 +6067,11 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, type_is_rcu_or_null(env, reg, field_name, btf_id)) { /* __rcu tagged pointers can be NULL */ flag |= MEM_RCU | PTR_MAYBE_NULL; + + /* We always trust them */ + if (type_is_rcu_or_null(env, reg, field_name, btf_id) && + flag & PTR_UNTRUSTED) + flag &= ~PTR_UNTRUSTED; } else if (flag & (MEM_PERCPU | MEM_USER)) { /* keep as-is */ } else {

From patchwork Thu Jul 13 02:56:40 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13311223
X-Patchwork-Delegate: bpf@iogearbox.net
From: Yafang Shao
To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org
Cc: bpf@vger.kernel.org, Yafang Shao
Subject: [PATCH v2 bpf-next 2/4] selftests/bpf: Add selftests for nested_trust
Date: Thu, 13 Jul 2023 02:56:40 +0000
Message-Id: <20230713025642.27477-3-laoar.shao@gmail.com>
In-Reply-To: <20230713025642.27477-1-laoar.shao@gmail.com>
References: <20230713025642.27477-1-laoar.shao@gmail.com>

Add selftests for nested_trust to check whether PTR_UNTRUSTED is cleared as expected. The result is as follows:

 #141/1 nested_trust/test_read_cpumask:OK
 #141/2 nested_trust/test_skb_field:OK <<<<
 #141/3 nested_trust/test_invalid_nested_user_cpus:OK
 #141/4 nested_trust/test_invalid_nested_offset:OK
 #141/5 nested_trust/test_invalid_skb_field:OK <<<<
 #141 nested_trust:OK

The #141/2 and #141/5 are newly added.

Signed-off-by: Yafang Shao
---
 .../selftests/bpf/progs/nested_trust_failure.c | 16 ++++++++++++++++
 .../selftests/bpf/progs/nested_trust_success.c | 15 +++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/nested_trust_failure.c b/tools/testing/selftests/bpf/progs/nested_trust_failure.c index 0d1aa6bbace4..ea39497f11ed 100644 --- a/tools/testing/selftests/bpf/progs/nested_trust_failure.c +++ b/tools/testing/selftests/bpf/progs/nested_trust_failure.c
@@ -10,6 +10,13 @@ char _license[] SEC("license") = "GPL"; +struct { + __uint(type, BPF_MAP_TYPE_SK_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC); + __type(key, int); + __type(value, u64); +} sk_storage_map SEC(".maps"); + /* Prototype for all of the program trace events below: * * TRACE_EVENT(task_newtask, @@ -31,3 +38,12 @@ int BPF_PROG(test_invalid_nested_offset, struct task_struct *task, u64 clone_fla bpf_cpumask_first_zero(&task->cpus_mask); return 0; } + +/* Although R2 is of type sk_buff but sock_common is expected, we will hit untrusted ptr first. */ +SEC("tp_btf/tcp_probe") +__failure __msg("R2 type=untrusted_ptr_ expected=ptr_, trusted_ptr_, rcu_ptr_") +int BPF_PROG(test_invalid_skb_field, struct sock *sk, struct sk_buff *skb) +{ + bpf_sk_storage_get(&sk_storage_map, skb->next, 0, 0); + return 0; +} diff --git a/tools/testing/selftests/bpf/progs/nested_trust_success.c b/tools/testing/selftests/bpf/progs/nested_trust_success.c index 886ade4aa99d..833840bffd3b 100644 --- a/tools/testing/selftests/bpf/progs/nested_trust_success.c +++ b/tools/testing/selftests/bpf/progs/nested_trust_success.c @@ -10,6 +10,13 @@ char _license[] SEC("license") = "GPL"; +struct { + __uint(type, BPF_MAP_TYPE_SK_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC); + __type(key, int); + __type(value, u64); +} sk_storage_map SEC(".maps"); + SEC("tp_btf/task_newtask") __success int BPF_PROG(test_read_cpumask, struct task_struct *task, u64 clone_flags) 
@@ -17,3 +24,11 @@ int BPF_PROG(test_read_cpumask, struct task_struct *task, u64 clone_flags) bpf_cpumask_test_cpu(0, task->cpus_ptr); return 0; } + +SEC("tp_btf/tcp_probe") +__success +int BPF_PROG(test_skb_field, struct sock *sk, struct sk_buff *skb) +{ + bpf_sk_storage_get(&sk_storage_map, skb->sk, 0, 0); + return 0; +}

From patchwork Thu Jul 13 02:56:41 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13311224
X-Patchwork-Delegate: bpf@iogearbox.net
From: Yafang Shao
To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org
Cc: bpf@vger.kernel.org, Yafang Shao
Subject: [PATCH v2 bpf-next 3/4] bpf: Fix an error in verifying a field in a union
Date: Thu, 13 Jul 2023 02:56:41 +0000
Message-Id: <20230713025642.27477-4-laoar.shao@gmail.com>
In-Reply-To: <20230713025642.27477-1-laoar.shao@gmail.com>
References: <20230713025642.27477-1-laoar.shao@gmail.com>

We are utilizing BPF LSM to monitor BPF operations within our container environment. When we add support for raw_tracepoint, it hits the error below.

 ; (const void *)attr->raw_tracepoint.name);
 27: (79) r3 = *(u64 *)(r2 +0)
 access beyond the end of member map_type (mend:4) in struct (anon) with off 0 size 8

It can be reproduced with the BPF prog below.

 SEC("lsm/bpf")
 int BPF_PROG(bpf_audit, int cmd, union bpf_attr *attr, unsigned int size)
 {
     switch (cmd) {
     case BPF_RAW_TRACEPOINT_OPEN:
         bpf_printk("raw_tracepoint is %s", attr->raw_tracepoint.name);
         break;
     default:
         break;
     }
     return 0;
 }

The reason is that when accessing a field in a union, such as bpf_attr, if the field is located within a nested struct that is not the first member of the union, it can result in incorrect field verification.

 union bpf_attr {
     struct {
         __u32 map_type; <<<< Actually it will find that field.
         __u32 key_size;
         __u32 value_size;
         ...
     };
     ...
     struct {
         __u64 name; <<<< We want to verify this field.
         __u32 prog_fd;
     } raw_tracepoint;
 };

Considering the potential deep nesting levels, finding a perfect solution to address this issue has proven challenging. Therefore, I propose a solution where we simply skip the verification process if the field in question is located within a union.

Fixes: 7e3617a72df3 ("bpf: Add array support to btf_struct_access")
Signed-off-by: Yafang Shao
---
 kernel/bpf/btf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index fae6fc24a845..a542760c807a 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c
@@ -6368,7 +6368,7 @@ static int btf_struct_walk(struct bpf_verifier_log *log, const struct btf *btf, * that also allows using an array of int as a scratch * space. e.g. skb->cb[]. */ - if (off + size > mtrue_end) { + if (off + size > mtrue_end && !(*flag & PTR_UNTRUSTED)) { bpf_log(log, "access beyond the end of member %s (mend:%u) in struct %s with off %u size %u\n", mname, mtrue_end, tname, off, size);

From patchwork Thu Jul 13 02:56:42 2023
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13311225
X-Patchwork-Delegate: bpf@iogearbox.net
From: Yafang Shao
To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org
Cc: bpf@vger.kernel.org, Yafang Shao
Subject: [PATCH v2 bpf-next 4/4] selftests/bpf: Add selftest for PTR_UNTRUSTED
Date: Thu, 13 Jul 2023 02:56:42 +0000
Message-Id: <20230713025642.27477-5-laoar.shao@gmail.com>
In-Reply-To: <20230713025642.27477-1-laoar.shao@gmail.com>
References: <20230713025642.27477-1-laoar.shao@gmail.com>

Add a new selftest to check the PTR_UNTRUSTED condition. Below is the result,

 #160 ptr_untrusted:OK

Signed-off-by: Yafang Shao
---
 .../selftests/bpf/prog_tests/ptr_untrusted.c | 36 +++++++++++++++++++
 .../selftests/bpf/progs/test_ptr_untrusted.c | 29 +++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/ptr_untrusted.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_ptr_untrusted.c

diff --git a/tools/testing/selftests/bpf/prog_tests/ptr_untrusted.c b/tools/testing/selftests/bpf/prog_tests/ptr_untrusted.c new file mode 100644 index 000000000000..8d077d150c56 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/ptr_untrusted.c
@@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include "test_ptr_untrusted.skel.h" + +#define TP_NAME "sched_switch" + +void serial_test_ptr_untrusted(void) +{ + struct test_ptr_untrusted *skel; + int err; + + skel = test_ptr_untrusted__open_and_load(); + if (!ASSERT_OK_PTR(skel, "skel_open")) + goto cleanup; + + /* First, attach lsm prog */ + skel->links.lsm_run = bpf_program__attach_lsm(skel->progs.lsm_run); + if (!ASSERT_OK_PTR(skel->links.lsm_run, "lsm_attach")) + goto cleanup; + + /* Second, attach raw_tp prog. The lsm prog will be triggered. */ + skel->links.raw_tp_run = bpf_program__attach_raw_tracepoint(skel->progs.raw_tp_run, + TP_NAME); + if (!ASSERT_OK_PTR(skel->links.raw_tp_run, "raw_tp_attach")) + goto cleanup; + + err = strncmp(skel->bss->tp_name, TP_NAME, strlen(TP_NAME)); + ASSERT_EQ(err, 0, "cmp_tp_name"); + +cleanup: + test_ptr_untrusted__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c new file mode 100644 index 000000000000..4bdd65b5aa2d --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_ptr_untrusted.c @@ -0,0 +1,29 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include + +char tp_name[128]; + +SEC("lsm/bpf") +int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size) +{ + switch (cmd) { + case BPF_RAW_TRACEPOINT_OPEN: + bpf_probe_read_user_str(tp_name, sizeof(tp_name) - 1, + (void *)attr->raw_tracepoint.name); + break; + default: + break; + } + return 0; +} + +SEC("raw_tracepoint") +int BPF_PROG(raw_tp_run) +{ + return 0; +} + +char _license[] SEC("license") = "GPL";
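
Review bot: In patch 1/4, the first kernel/bpf/btf.c hunk (@@ -6133) removes `*flag = 0;` from the top of btf_struct_walk(), which turns `flag` from an output into an in/out parameter, yet the only caller this patch initialises is btf_struct_ids_match() (`enum bpf_type_flag flag = 0;`). Any other caller that passes an uninitialised flag would now feed stack garbage into the new `*flag & PTR_UNTRUSTED` test. Please confirm that every caller zero-initialises it and state the new contract in a comment above btf_struct_walk().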
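
Review bot: In patch 1/4, the kernel/bpf/btf.c hunk at @@ -6144, the `!(*flag & PTR_UNTRUSTED)` term in the new union check is redundant, because `*flag |= PTR_UNTRUSTED` is idempotent; the condition can be reduced to `BTF_INFO_KIND(t->info) == BTF_KIND_UNION && vlen != 1`. The if body is a comment block plus one statement without braces; add braces so the multi-line body cannot be misread when the code is next edited.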
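
Review bot: In patch 1/4, the kernel/bpf/verifier.c hunk (@@ -6067) clears PTR_UNTRUSTED with only the comment `/* We always trust them */`, which does not say why a pointer reached through a multi-member union may be trusted again. Since this relaxes a verifier restriction, the comment should carry the reasoning from the commit message (the field is BTF_TYPE_SAFE_RCU_OR_NULL). The inner condition calls type_is_rcu_or_null() a second time with the same arguments as the enclosing branch condition, and the `flag & PTR_UNTRUSTED` test before `flag &= ~PTR_UNTRUSTED` adds nothing; if the second call is meant to separate this case from another alternative in the enclosing condition, say so in the comment, otherwise reduce it to the unconditional clear.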
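
Review bot: In patch 2/4, test_invalid_skb_field in nested_trust_failure.c passes `skb->next`, which by the test's own comment is also the wrong type for bpf_sk_storage_get(), so the test passes only because the verifier reports the untrusted pointer before the type mismatch. Use a pointer of the expected type that is reached through a multi-member union, so that the expected `__msg` depends on PTR_UNTRUSTED alone and not on the order of the verifier's checks.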
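
Review bot: In patch 3/4, the kernel/bpf/btf.c hunk at @@ -6368 makes the `off + size > mtrue_end` bounds check depend on `!(*flag & PTR_UNTRUSTED)`, but after patch 1/4 that bit is no longer reset on entry to btf_struct_walk(), so the check is skipped for any walk that starts with PTR_UNTRUSTED already set by the caller, not only when the member sits inside a union as the commit message describes. Track "currently inside a multi-member union" in a local variable and test that instead of the trust flag, and extend the comment above the check to explain why the member-end test is skipped in that case.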
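
Review bot: In patch 4/4, prog_tests/ptr_untrusted.c compares with `strncmp(skel->bss->tp_name, TP_NAME, strlen(TP_NAME))`, which checks only a prefix, so a longer captured name that begins with "sched_switch" would also pass. Include the terminating NUL in the comparison (strcmp, or a length of strlen(TP_NAME) + 1).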
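
Review bot: In patch 4/4, lsm_run in progs/test_ptr_untrusted.c writes tp_name on every BPF_RAW_TRACEPOINT_OPEN it sees and ignores the return value of bpf_probe_read_user_str(), so a bpf() call from another process during the test can overwrite the buffer, and a failed read leaves it silently empty. Filter on the test's own pid and store the return value in a global so the userspace side can assert on it.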