From patchwork Sun Sep 17 21:42:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jinghao Jia X-Patchwork-Id: 13388687 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01235EAFB for ; Sun, 17 Sep 2023 21:43:05 +0000 (UTC) Received: from mx0b-00007101.pphosted.com (mx0b-00007101.pphosted.com [148.163.139.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A34BAA8 for ; Sun, 17 Sep 2023 14:43:04 -0700 (PDT) Received: from pps.filterd (m0166258.ppops.net [127.0.0.1]) by mx0b-00007101.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38HAeZZA011217; Sun, 17 Sep 2023 21:42:43 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=illinois.edu; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=campusrelays; bh=qOmkD/3E0lYHuxf5m0DEPc2l2u/is83e69G9PscbsFo=; b=FFSdgRY/8NTdlnprCY535GIMavBJccEQtmxbo5E3E01D8Ed0so0cvWIt/T5F5OBkHb9s pUi/pwYI9wa4ZrhD62fepv4G1S7k60332JeMs2xe0wI4n8cDsIu26/dvW8++luwlw5Vk Lm6lKQKD4x1nL1LTzx6w0kgxWjWYgl7yHuRDG+m/Fa1gwblcctWKJtEG3vQJ7eKut484 RwjS7c7n3U9gFSeYe+B3j056gt6+YDNTuBKXKUMB9iHWe61eGiXzZ1mE/3HgkeyaeqPj CgGJja6A9xVddXJg6WC4+a1/tzx9HL0JTOG6EL3HZ5zD33L/DdhsxXcFRpTkhgQkIaDw Og== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-00007101.pphosted.com (PPS) with ESMTPS id 3t52qqrd2e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 17 Sep 2023 21:42:42 +0000 Received: from m0166258.ppops.net (m0166258.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 38HLgcsu002067; Sun, 17 Sep 2023 21:42:42 GMT Received: from localhost.localdomain (oasis.cs.illinois.edu [130.126.137.13]) by mx0b-00007101.pphosted.com (PPS) with ESMTP id 3t52qqrd22-2; Sun, 17 Sep 2023 21:42:42 +0000 From: Jinghao Jia To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, jinghao@linux.ibm.com, Mimi Zohar , Ruowen Qin , Jinghao Jia Subject: [PATCH bpf v2 1/3] samples/bpf: Add -fsanitize=bounds to userspace programs Date: Sun, 17 Sep 2023 16:42:18 -0500 Message-ID: <20230917214220.637721-2-jinghao7@illinois.edu> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230917214220.637721-1-jinghao7@illinois.edu> References: <20230917214220.637721-1-jinghao7@illinois.edu> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: eObNq71F796rNYy9NGPdLwvmCfJVky_5 X-Proofpoint-GUID: Ywoic6CA8cpkYmSd3ohH8d_Td4FCZOqg X-Spam-Details: rule=cautious_plus_nq_notspam policy=cautious_plus_nq score=0 spamscore=0 bulkscore=0 adultscore=0 clxscore=1011 impostorscore=0 phishscore=0 mlxlogscore=835 malwarescore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2308100000 definitions=main-2309170201 X-Spam-Score: 0 X-Spam-OrigSender: jinghao7@illinois.edu X-Spam-Bar: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net From: Jinghao Jia The sanitizer flag, which is supported by both clang and gcc, would make it easier to debug array index out-of-bounds problems in these programs. Suggested-by: Mimi Zohar Signed-off-by: Jinghao Jia Signed-off-by: Ruowen Qin Signed-off-by: Jinghao Jia --- samples/bpf/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile index 4ccf4236031c..21d2edffce3c 100644 --- a/samples/bpf/Makefile +++ b/samples/bpf/Makefile @@ -169,6 +169,7 @@ endif TPROGS_CFLAGS += -Wall -O2 TPROGS_CFLAGS += -Wmissing-prototypes TPROGS_CFLAGS += -Wstrict-prototypes +TPROGS_CFLAGS += -fsanitize=bounds TPROGS_CFLAGS += -I$(objtree)/usr/include TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/ From patchwork Sun Sep 17 21:42:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jinghao Jia X-Patchwork-Id: 13388688 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D7572EAFB for ; Sun, 17 Sep 2023 21:43:07 +0000 (UTC) Received: from mx0b-00007101.pphosted.com (mx0b-00007101.pphosted.com [148.163.139.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59CA310A for ; Sun, 17 Sep 2023 14:43:06 -0700 (PDT) Received: from pps.filterd (m0166258.ppops.net [127.0.0.1]) by mx0b-00007101.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38H8TiKO014159; Sun, 17 Sep 2023 21:42:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=illinois.edu; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=campusrelays; bh=4lkbXD0WDHBs/FO5VuW2SGXsjRsm0uVWor8ySlCY7vg=; b=HkwwOK7vpqhc/KyBQSpW5/UNjuL4XmzijmVy1l2ZBd5/564Puxbo3nIK2a8RNdMxFKPd Kc5xqVqWP4kR4Kp5H/0UXz1ev0lW9iDWD3/NCFMOvLnfzlpJGgO+3S3B/loYsPs+L1UP S7MaFMijJpPYHxU8aJQZqDsDJsV78G2RjoaeliCQiyDU4L/JWKwU9X6Ld8BlICgkYwQY vwDwMyJUazYslsfHtTXCJ9EsF9beLFlZTqEoxGs2rVIxrgbsQoNJ3Unh8oN32ivDBZA2 0PW9Arzzij14orTV1J9kvwsnCzoHWFRQgzx4HYexDTKx8HXjDbeNnBx3i5FdSyv6+ESf oQ== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-00007101.pphosted.com (PPS) with ESMTPS id 3t52qqrd2m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 17 Sep 2023 21:42:45 +0000 Received: from m0166258.ppops.net (m0166258.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 38HLgcsw002067; Sun, 17 Sep 2023 21:42:45 GMT Received: from localhost.localdomain (oasis.cs.illinois.edu [130.126.137.13]) by mx0b-00007101.pphosted.com (PPS) with ESMTP id 3t52qqrd22-3; Sun, 17 Sep 2023 21:42:45 +0000 From: Jinghao Jia To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, jinghao@linux.ibm.com, Ruowen Qin , Jinghao Jia Subject: [PATCH bpf v2 2/3] samples/bpf: syscall_tp_user: Rename num_progs into nr_tests Date: Sun, 17 Sep 2023 16:42:19 -0500 Message-ID: <20230917214220.637721-3-jinghao7@illinois.edu> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230917214220.637721-1-jinghao7@illinois.edu> References: <20230917214220.637721-1-jinghao7@illinois.edu> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: h95SPvi11eWCg5JmsyLp6tyutZClB78i X-Proofpoint-GUID: 7WA_zGNqeo_shlegpylNgXNWGMMKEj4U X-Spam-Details: rule=cautious_plus_nq_notspam policy=cautious_plus_nq score=0 spamscore=0 bulkscore=0 adultscore=0 clxscore=1015 impostorscore=0 phishscore=0 mlxlogscore=999 malwarescore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2308100000 definitions=main-2309170201 X-Spam-Score: 0 X-Spam-OrigSender: jinghao7@illinois.edu X-Spam-Bar: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net From: Jinghao Jia The variable name num_progs causes confusion because that variable really controls the number of rounds the test should be executed. Rename num_progs into nr_tests for the sake of clarity. Signed-off-by: Jinghao Jia Signed-off-by: Ruowen Qin Signed-off-by: Jinghao Jia --- samples/bpf/syscall_tp_user.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/samples/bpf/syscall_tp_user.c b/samples/bpf/syscall_tp_user.c index 7a788bb837fc..18c94c7e8a40 100644 --- a/samples/bpf/syscall_tp_user.c +++ b/samples/bpf/syscall_tp_user.c @@ -17,9 +17,9 @@ static void usage(const char *cmd) { - printf("USAGE: %s [-i num_progs] [-h]\n", cmd); - printf(" -i num_progs # number of progs of the test\n"); - printf(" -h # help\n"); + printf("USAGE: %s [-i nr_tests] [-h]\n", cmd); + printf(" -i nr_tests # rounds of test to run\n"); + printf(" -h # help\n"); } static void verify_map(int map_id) @@ -45,14 +45,14 @@ static void verify_map(int map_id) } } -static int test(char *filename, int num_progs) +static int test(char *filename, int nr_tests) { - int map0_fds[num_progs], map1_fds[num_progs], fd, i, j = 0; - struct bpf_link *links[num_progs * 4]; - struct bpf_object *objs[num_progs]; + int map0_fds[nr_tests], map1_fds[nr_tests], fd, i, j = 0; + struct bpf_link *links[nr_tests * 4]; + struct bpf_object *objs[nr_tests]; struct bpf_program *prog; - for (i = 0; i < num_progs; i++) { + for (i = 0; i < nr_tests; i++) { objs[i] = bpf_object__open_file(filename, NULL); if (libbpf_get_error(objs[i])) { fprintf(stderr, "opening BPF object file failed\n"); @@ -101,7 +101,7 @@ static int test(char *filename, int num_progs) close(fd); /* verify the map */ - for (i = 0; i < num_progs; i++) { + for (i = 0; i < nr_tests; i++) { verify_map(map0_fds[i]); verify_map(map1_fds[i]); } @@ -117,13 +117,13 @@ static int test(char *filename, int num_progs) int main(int argc, char **argv) { - int opt, num_progs = 1; + int opt, nr_tests = 1; char filename[256]; while ((opt = getopt(argc, argv, "i:h")) != -1) { switch (opt) { case 'i': - num_progs = atoi(optarg); + nr_tests = atoi(optarg); break; case 'h': default: @@ -134,5 +134,5 @@ int main(int argc, char **argv) snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); - return test(filename, num_progs); + return test(filename, nr_tests); } From patchwork Sun Sep 17 21:42:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jinghao Jia X-Patchwork-Id: 13388686 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F283EAFB for ; Sun, 17 Sep 2023 21:43:04 +0000 (UTC) Received: from mx0b-00007101.pphosted.com (mx0b-00007101.pphosted.com [148.163.139.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C135310A for ; Sun, 17 Sep 2023 14:43:02 -0700 (PDT) Received: from pps.filterd (m0166258.ppops.net [127.0.0.1]) by mx0b-00007101.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 38HESr36000814; Sun, 17 Sep 2023 21:42:47 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=illinois.edu; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=campusrelays; bh=PXCVGyP0Ztb8oS79oITcF91c83+UAIYW+yz9e3eTv00=; b=Jzl+ezZa4/lmB8pMn3aDN7whGpUAgIdMtoXKp4WCVgzFvDCjbfY8UVD9wWI1116PRuRa pU/ERgv3rlCN8s1um++a211hDHzy+TqsWpo74OOXOUx+Tqh+lxHWtROQ+aNnOhbFwPsH 97B0JEV76vzQdCcHzeLhECDrH5sEGig3/GUDsVgue42DtIJ/Q/l/3iQOUMU4WoaX2Yje JP8xRxtYGwcl/+4PsjtvsY3dhQqBai6Aq0sQI7l5NQBXg+bM3wix/Yfu5iCpMLCtKL+q V4sBjy1TapzEJZIPaURoZ30X7ROhTDzSnCCr7rO5ocAtoO8pja6SeMJJ1brPtgBT5qQB Ig== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-00007101.pphosted.com (PPS) with ESMTPS id 3t52qqrd2s-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 17 Sep 2023 21:42:47 +0000 Received: from m0166258.ppops.net (m0166258.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 38HLgct0002067; Sun, 17 Sep 2023 21:42:47 GMT Received: from localhost.localdomain (oasis.cs.illinois.edu [130.126.137.13]) by mx0b-00007101.pphosted.com (PPS) with ESMTP id 3t52qqrd22-4; Sun, 17 Sep 2023 21:42:47 +0000 From: Jinghao Jia To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, jinghao@linux.ibm.com, Ruowen Qin , Jinghao Jia Subject: [PATCH bpf v2 3/3] samples/bpf: syscall_tp_user: Fix array out-of-bound access Date: Sun, 17 Sep 2023 16:42:20 -0500 Message-ID: <20230917214220.637721-4-jinghao7@illinois.edu> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230917214220.637721-1-jinghao7@illinois.edu> References: <20230917214220.637721-1-jinghao7@illinois.edu> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: gVKuNAXqD_0umpPgPqQo0VOgaIJndmF2 X-Proofpoint-GUID: ACdqV-wfCkZuxylyxzDN8VyU53BBLYLQ X-Spam-Details: rule=cautious_plus_nq_notspam policy=cautious_plus_nq score=0 spamscore=0 bulkscore=0 adultscore=0 clxscore=1015 impostorscore=0 phishscore=0 mlxlogscore=672 malwarescore=0 lowpriorityscore=0 priorityscore=1501 mlxscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2308100000 definitions=main-2309170201 X-Spam-Score: 0 X-Spam-OrigSender: jinghao7@illinois.edu X-Spam-Bar: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net From: Jinghao Jia Commit 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sample") added two more eBPF programs to support the openat2() syscall. However, it did not increase the size of the array that holds the corresponding bpf_links. This leads to an out-of-bound access on that array in the bpf_object__for_each_program loop and could corrupt other variables on the stack. On our testing QEMU, it corrupts the map1_fds array and causes the sample to fail: # ./syscall_tp prog #0: map ids 4 5 verify map:4 val: 5 map_lookup failed: Bad file descriptor Dynamically allocate the array based on the number of programs reported by libbpf to prevent similar inconsistencies in the future Fixes: 06744f24696e ("samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sample") Signed-off-by: Jinghao Jia Signed-off-by: Ruowen Qin Signed-off-by: Jinghao Jia --- samples/bpf/syscall_tp_user.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/samples/bpf/syscall_tp_user.c b/samples/bpf/syscall_tp_user.c index 18c94c7e8a40..7a09ac74fac0 100644 --- a/samples/bpf/syscall_tp_user.c +++ b/samples/bpf/syscall_tp_user.c @@ -48,7 +48,7 @@ static void verify_map(int map_id) static int test(char *filename, int nr_tests) { int map0_fds[nr_tests], map1_fds[nr_tests], fd, i, j = 0; - struct bpf_link *links[nr_tests * 4]; + struct bpf_link **links = NULL; struct bpf_object *objs[nr_tests]; struct bpf_program *prog; @@ -60,6 +60,19 @@ static int test(char *filename, int nr_tests) goto cleanup; } + /* One-time initialization */ + if (!links) { + int nr_progs = 0; + + bpf_object__for_each_program(prog, objs[i]) + nr_progs += 1; + + links = calloc(nr_progs * nr_tests, sizeof(struct bpf_link *)); + + if (!links) + goto cleanup; + } + /* load BPF program */ if (bpf_object__load(objs[i])) { fprintf(stderr, "loading BPF object file failed\n"); @@ -107,8 +120,12 @@ static int test(char *filename, int nr_tests) } cleanup: - for (j--; j >= 0; j--) - bpf_link__destroy(links[j]); + if (links) { + for (j--; j >= 0; j--) + bpf_link__destroy(links[j]); + + free(links); + } for (i--; i >= 0; i--) bpf_object__close(objs[i]);