From patchwork Mon May 27 11:20:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 13675058 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1891013C674 for ; Mon, 27 May 2024 11:20:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808830; cv=none; b=iMngqG0sOFJDCtmHsgYGElhJzWgtPvQYYEcIuxdb7Jwx+23opWswPDeUY5uncNkn06JZK4NYnLf/9mOIvXOFPxyi60pFaJV1flQICmUzysOx462k5Iw7oQZj00Qt8QQg9r+oQ11AkGERILlBZP+2berqUgqtphsrNh0VGmlftUc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808830; c=relaxed/simple; bh=ZAz8Xzht5hDNbrRRXCMcK6jRlHDCF3bhCks5yV5Ywd0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=YH6p5y7a4SjuQeG9SmY7MDp3Rl+zZHG1hEexutWSgwtobNOAvrejdQ4E3zuy4/ioHBuFYgaf8A3t6Gs32Q+CDvL6XgsCvKH8mI3oIvRPRPaDQqu0KuZNdHqQelLsDd82hr88pcBkb6khSXdnDZvdA3I19hNQblKznMr2jutzWoc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com; spf=pass smtp.mailfrom=cloudflare.com; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b=cbEkQzJ3; arc=none smtp.client-ip=209.85.218.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="cbEkQzJ3" Received: by mail-ej1-f53.google.com with SMTP id a640c23a62f3a-a62ef52e837so104050466b.3 for ; Mon, 27 May 2024 04:20:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1716808827; x=1717413627; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=haqA4BDbUh78nKLz6G3Lqps7yfTL5kwdneKxDg06pHI=; b=cbEkQzJ3r7kVCHxO8xTe/WY6xoaszrwHM34tFfgfN57daTsvjZLlFTFSUc8wMSLWKc JudwokOiPmTJWjEVZhjDSh3GS6sSYidJKT6Q49zKGoHckBnP83Lwg/PDaz6i+kWpZCK8 t1zV08CCAh6MwzP1+kK7VRyZHCfVJRgrGc/UXKBvygCPOQpFJJIHu/JUEN18+04Boy6Y O2XCrwJUZTCwbeyXWRees/+RShiyHRhFCE+uDAb89QbPzIjGlez5HhWJOvxKy71PAfAZ prO1e0YJBD1M5vBIiDpE0IGUsip8NcaW+wanWIKTdgBLj0vsU41pM8Wgn0Hu31qBg7VX gTmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716808827; x=1717413627; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=haqA4BDbUh78nKLz6G3Lqps7yfTL5kwdneKxDg06pHI=; b=wC7dbvGHWJYkverzPNwbSVqruE6NIeYZ9RKKpc4BWSGFFqNBFZdi8ajHmmFK0V7XvB ukHdP8JvkJtIlUGJdtT3WLt92KUMNODv7KAjQrfMGveLJ1xnfdB4KzPHiw0kluZD9JT3 X9ptc+U1H9tTxoKYB9H/Lvw9XFLzc96mFu4i6LFBHgnacYz+nDezKzbVo1Rz7aYk+RY7 nA5uzVRKJweB/6MY5h7izmKtzPHBVHGMHXf22ludkzkOMqw3G5rkib4qzYhv1Ea7bfRg DRlBV1uYvCy9RC2TgBo3nlNwIN8qR88Kr6x6wJPFY9rd6h3IgV2ch38FoH+9bj2aXsHV q3fA== X-Gm-Message-State: AOJu0YyTTPlPVOTe/LoNFrNqerpQd7pKm0f1bBHDsgSRfdxOAt4BH2/H B/yYv7EWS2/8yXUA7rWdPzjWNslmZdHI3C4C+NpI8m8UCelK7kMPvBXsWG3sVp8= X-Google-Smtp-Source: AGHT+IGzw2VXE2q9cnla69mrgpi/FsdbcwF1ehlQSx0x6IwqLKPoKf2yGxudU46hmIbbSOYye1gOxQ== X-Received: by 2002:a17:906:cb8b:b0:a59:c3d0:550c with SMTP id a640c23a62f3a-a62643e4d86mr480346166b.43.1716808827374; Mon, 27 May 2024 04:20:27 -0700 (PDT) Received: from cloudflare.com ([2a09:bac5:5063:2387::38a:20]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a626cd87281sm480214366b.157.2024.05.27.04.20.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 May 2024 04:20:26 -0700 (PDT) From: Jakub Sitnicki Date: Mon, 27 May 2024 13:20:07 +0200 Subject: [PATCH bpf 1/3] bpf: Allow delete from sockmap/sockhash only if update is allowed Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20240527-sockmap-verify-deletes-v1-1-944b372f2101@cloudflare.com> References: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> In-Reply-To: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Hillf Danton , Tetsuo Handa , kernel-team@cloudflare.com, syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com X-Mailer: b4 0.13.0 X-Patchwork-Delegate: bpf@iogearbox.net We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types. Reported-by: Tetsuo Handa Reported-and-tested-by: syzbot+ec941d6e24f633a59172@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=ec941d6e24f633a59172 Signed-off-by: Jakub Sitnicki Acked-by: John Fastabend --- kernel/bpf/verifier.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 77da1f438bec..48f3a9acdef3 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -8882,7 +8882,8 @@ static bool may_update_sockmap(struct bpf_verifier_env *env, int func_id) enum bpf_attach_type eatype = env->prog->expected_attach_type; enum bpf_prog_type type = resolve_prog_type(env->prog); - if (func_id != BPF_FUNC_map_update_elem) + if (func_id != BPF_FUNC_map_update_elem && + func_id != BPF_FUNC_map_delete_elem) return false; /* It's not possible to get access to a locked struct sock in these @@ -8893,6 +8894,11 @@ static bool may_update_sockmap(struct bpf_verifier_env *env, int func_id) if (eatype == BPF_TRACE_ITER) return true; break; + case BPF_PROG_TYPE_SOCK_OPS: + /* map_update allowed only via dedicated helpers with event type checks */ + if (func_id == BPF_FUNC_map_delete_elem) + return true; + break; case BPF_PROG_TYPE_SOCKET_FILTER: case BPF_PROG_TYPE_SCHED_CLS: case BPF_PROG_TYPE_SCHED_ACT: @@ -8988,7 +8994,6 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, case BPF_MAP_TYPE_SOCKMAP: if (func_id != BPF_FUNC_sk_redirect_map && func_id != BPF_FUNC_sock_map_update && - func_id != BPF_FUNC_map_delete_elem && func_id != BPF_FUNC_msg_redirect_map && func_id != BPF_FUNC_sk_select_reuseport && func_id != BPF_FUNC_map_lookup_elem && @@ -8998,7 +9003,6 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, case BPF_MAP_TYPE_SOCKHASH: if (func_id != BPF_FUNC_sk_redirect_hash && func_id != BPF_FUNC_sock_hash_update && - func_id != BPF_FUNC_map_delete_elem && func_id != BPF_FUNC_msg_redirect_hash && func_id != BPF_FUNC_sk_select_reuseport && func_id != BPF_FUNC_map_lookup_elem && From patchwork Mon May 27 11:20:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 13675059 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C685613C812 for ; Mon, 27 May 2024 11:20:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808832; cv=none; b=UHlztvuH7oAPAPtwuVGy1bWPV52bRgwd+vdKb9BD2s+695tUVbJNkTbozmN8H8bKumXi/z3MbQilAhgra4Fe+w9LC5i70WZrGvNgjTcTXprlXj77p+7l27kI0/YzSDqqhEo/XNrpUgS6Q0n8AixBAy+rCIBT/GXQLtoyI+7w3OQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808832; c=relaxed/simple; bh=/pUlgplupYCOqK1duqkRbcNAf5YH4JpBn1oxEDeAaAs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=M6PSIy6rFBvdELvq/0M/sidSDA2p1AFNPoNod5RiQF47USHbMGLU1/QZNW5xermVHC76f7HQ3sE6MWr2ouGK8zLE/QsTPsP7z1OcSpbHXDgGemAwbApZiWsGQuC1Rs8f0yzSDl5Ydmuwv50tJXPdHY1h8yhIq6z72zV5q7Qalnw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com; spf=pass smtp.mailfrom=cloudflare.com; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b=DDnSdCty; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="DDnSdCty" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-578517c8b49so3598234a12.3 for ; Mon, 27 May 2024 04:20:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1716808829; x=1717413629; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=23ydGa8yIzcGu+r2oGEhHlYDDTdCA1ncbXSuOWhVYp4=; b=DDnSdCtyMO6b2TRxJLXiZVv0dgWZw4drthuuJB5Mt0p1sDWEvlU05p+5Iav9OV1F/j AFrUn7IjJZjm6wqCcjmJop+S9TMdcac4/ri3LestQYukGCadlnxsZ7ZC5rkXnHNuAELA eO0uuBM2t71jjvbHAElNJQpJrNKUAOt46Yp7WmVX5+nr7RrxAOM+JXzBf3yesn+buytl q67QIOIoFq0GjUao8iI1jEnP9IL215PXeMb5pJU56pUG/m2jNco3fYIC8u2P1lxmv34G jO9AeVRjuTSZzcQRXGs1vDPMqz8HtllU6K1/cXusJq/cJVWSdkb7o6UlDaknBFcuH5lc 835g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716808829; x=1717413629; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=23ydGa8yIzcGu+r2oGEhHlYDDTdCA1ncbXSuOWhVYp4=; b=obDMsmqsaK5b/jbxYFXxm+v77OBvfYExafO4TfVM/CyRzEi5rr1EtJjDFeB61nkOe+ a6MITUJ01S3stf9l1CNV9/dlGT6I/UvHqdJja2MC6rx4wy4y7p/4e6KrD907mgFlKsZO izpyKJKKjt3dN9VPo5drKy/VMAqblljioEBviQukz8oemLMkHXiyMLdI2BpOMIirKxI5 CuQaPDYgfR7v8lfeWjpIU7K3WTzK9ztwe/9hmaDF9GBTqr1VFHw9AVVgL8poOOALK6rj TxtO96wI7VEVEcLqf+bMX5gIVD8j2WtQBK2lqu+aBZczRzpPGQMGFjKOTGGxyv7kd2k2 ktbA== X-Gm-Message-State: AOJu0YyfvRB18x7YKQ8oMgNfmIXSB1VolAiiftMYYB8IHEM/d14DGoUW oqm1NaLg6G7ztKbSwgUoM/TkjgElBKLYR9lcspTAk0HEkZdM0LSyEfFnrFKIV9s= X-Google-Smtp-Source: AGHT+IFvvW2lCjoGdGPrafpT7u5NIuceCRbFGyD2XheJvPNRdpJVua1qetJRkoBXERnEWuzaSX3vOQ== X-Received: by 2002:a17:906:1c8e:b0:a62:15b7:c45 with SMTP id a640c23a62f3a-a6264f15d6fmr616516366b.55.1716808829145; Mon, 27 May 2024 04:20:29 -0700 (PDT) Received: from cloudflare.com ([2a09:bac5:5063:2387::38a:20]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a62b67f0bbesm280204666b.211.2024.05.27.04.20.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 May 2024 04:20:28 -0700 (PDT) From: Jakub Sitnicki Date: Mon, 27 May 2024 13:20:08 +0200 Subject: [PATCH bpf 2/3] Revert "bpf, sockmap: Prevent lock inversion deadlock in map delete elem" Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20240527-sockmap-verify-deletes-v1-2-944b372f2101@cloudflare.com> References: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> In-Reply-To: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Hillf Danton , Tetsuo Handa , kernel-team@cloudflare.com X-Mailer: b4 0.13.0 X-Patchwork-Delegate: bpf@iogearbox.net This reverts commit ff91059932401894e6c86341915615c5eb0eca48. This check is no longer needed. BPF programs attached to tracepoints are now rejected by the verifier when they attempt to delete from a sockmap/sockhash maps. Signed-off-by: Jakub Sitnicki Acked-by: John Fastabend --- net/core/sock_map.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 9402889840bf..63c016b4c169 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -423,9 +423,6 @@ static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, struct sock *sk; int err = 0; - if (irqs_disabled()) - return -EOPNOTSUPP; /* locks here are hardirq-unsafe */ - spin_lock_bh(&stab->lock); sk = *psk; if (!sk_test || sk_test == sk) @@ -948,9 +945,6 @@ static long sock_hash_delete_elem(struct bpf_map *map, void *key) struct bpf_shtab_elem *elem; int ret = -ENOENT; - if (irqs_disabled()) - return -EOPNOTSUPP; /* locks here are hardirq-unsafe */ - hash = sock_hash_bucket_hash(key, key_size); bucket = sock_hash_select_bucket(htab, hash); From patchwork Mon May 27 11:20:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 13675060 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-ej1-f51.google.com (mail-ej1-f51.google.com [209.85.218.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B511C13C831 for ; Mon, 27 May 2024 11:20:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.218.51 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808834; cv=none; b=PxDLBdPPBPDFwXzrXo+hJ2TTp5xIX9ofyPxd3ppPYhGmJIaLRZnqz21Hyh936LpZ1lZnA1kIScrZKh+4Lv8LPYwqMkMwwTnoIwgctojkS92p6lznPnjT/sln8RjWbhciU07ZPj+M5RZavV++C/Cn/UjMbVtpnEzfDK4aLkjaYkU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716808834; c=relaxed/simple; bh=ZVzNevtLO4r/oZu986oCuz7Tf7nkZt7CBBz5HeLDS8g=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AmFUJo93dWV7B07ea3yyemQtDzbHX3RxU7qTqTFcoZkWBy1nQ9yCkwan70/aB+MDamAOQzFgErbsYpzpPABgYEwCb5i4lsYZX5jO6Q6iR6a0wg7zkoNxRbJDzyc72SQqEwqQ+ysQ5VJn9WzlvX6LX/0+fNxQYBgfKWgmd3drGng= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com; spf=pass smtp.mailfrom=cloudflare.com; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b=UR5KkQua; arc=none smtp.client-ip=209.85.218.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cloudflare.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="UR5KkQua" Received: by mail-ej1-f51.google.com with SMTP id a640c23a62f3a-a6269ad9a6fso353095266b.2 for ; Mon, 27 May 2024 04:20:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google09082023; t=1716808831; x=1717413631; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=/BoYAK6dmFx09JhEtXnjE9H2U5t2605tLty0EV9Pv50=; b=UR5KkQuavLgaxZuzLB08mmUoFc/4RnHHhDeR1VthA4j22kY1/vFwhF2EXzac33epqe Lf+Rx2/n32cvhzuzCaF7YDpsOfOh4KO9MniLsxs9ivjBIKkojjJSFh7/bCa0nDYBXKkm f4AXehF3c26od0x2a00tYa/ieldQvEDtK6pRGY4ZvcssKpZla0Z9cCiVHJEFi+2b/29c qYo4nVgk3TquaoBAWlUlUrQLTrPToVBEb/TU3EeqdaLoM+KcNHgJo4J2xJ3avyZaBK7O iZ/tBRcNpHAUSQ2cwkLfVSoSkLNaQZHrFys0gYj+1OVOlQmdwSho58+3cmO82m1Nx3yJ SFbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716808831; x=1717413631; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/BoYAK6dmFx09JhEtXnjE9H2U5t2605tLty0EV9Pv50=; b=YmaSIqNsS0wcbX6SabtNP/8BIXR2zz8+VeiYSExqR76k5enxBQbVTbvczo2A9ub0em SdAEFlPOcipWV9JbK/HSFfL/7tHd3MAoJjOXrB1cX/cq/Wb3qjhTog0ED+yU82CRBUj9 cXyM8oI0Bnjv2pWpbahGu1+WI/89AYlFvjKuYuDMAvfiZub4jad2CVlQ23xakfZyk8c3 jggoCghbIT+yasxx1t955tVAYSccaiy/o0Ib7GK+PxghuHEORTW/u2yMFz6XDNulMu6W 2DkLeo/Sz0QuLowKSlEW8MI5B+Ya/cxF7ypKqsAvQXPZ3uHODnRq36SDg/nZbiAa+w70 pXlQ== X-Gm-Message-State: AOJu0YyS8MkDU65I/BTMzeMMwLNxfPKjy3tHrMxsT5P9Ocnokjy6NBsA r0yLAUUDCvyrjO5WHEtYx9wAPurGRQpOPsbeQp6RGxmUJkiFcO+nLYA89eXtav/U3qCoqEzKf6G o X-Google-Smtp-Source: AGHT+IFuFXEfFBSPzyFG4ntczWMr7vkgIu0DW961doLD3ZevjrolFf+UJkELlHvxvWskhe1IJxOkwQ== X-Received: by 2002:a17:906:2dcd:b0:a59:9a68:7283 with SMTP id a640c23a62f3a-a62641a572dmr480390266b.12.1716808831185; Mon, 27 May 2024 04:20:31 -0700 (PDT) Received: from cloudflare.com ([2a09:bac5:5063:2387::38a:20]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a630f25943dsm46285166b.41.2024.05.27.04.20.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 27 May 2024 04:20:30 -0700 (PDT) From: Jakub Sitnicki Date: Mon, 27 May 2024 13:20:09 +0200 Subject: [PATCH bpf 3/3] selftests/bpf: Cover verifier checks for mutating sockmap/sockhash Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-Id: <20240527-sockmap-verify-deletes-v1-3-944b372f2101@cloudflare.com> References: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> In-Reply-To: <20240527-sockmap-verify-deletes-v1-0-944b372f2101@cloudflare.com> To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , John Fastabend , Hillf Danton , Tetsuo Handa , kernel-team@cloudflare.com X-Mailer: b4 0.13.0 X-Patchwork-Delegate: bpf@iogearbox.net Verifier enforces that only certain program types can mutate sock{map,hash} maps, that is update it or delete from it. Add test coverage for these checks so we don't regress. Signed-off-by: Jakub Sitnicki Acked-by: John Fastabend --- tools/testing/selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_sockmap_mutate.c | 187 +++++++++++++++++++++ 2 files changed, 189 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index c60db8beeb73..1c9c4ec1be11 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c @@ -67,6 +67,7 @@ #include "verifier_search_pruning.skel.h" #include "verifier_sock.skel.h" #include "verifier_sock_addr.skel.h" +#include "verifier_sockmap_mutate.skel.h" #include "verifier_spill_fill.skel.h" #include "verifier_spin_lock.skel.h" #include "verifier_stack_ptr.skel.h" @@ -183,6 +184,7 @@ void test_verifier_sdiv(void) { RUN(verifier_sdiv); } void test_verifier_search_pruning(void) { RUN(verifier_search_pruning); } void test_verifier_sock(void) { RUN(verifier_sock); } void test_verifier_sock_addr(void) { RUN(verifier_sock_addr); } +void test_verifier_sockmap_mutate(void) { RUN(verifier_sockmap_mutate); } void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); } void test_verifier_spin_lock(void) { RUN(verifier_spin_lock); } void test_verifier_stack_ptr(void) { RUN(verifier_stack_ptr); } diff --git a/tools/testing/selftests/bpf/progs/verifier_sockmap_mutate.c b/tools/testing/selftests/bpf/progs/verifier_sockmap_mutate.c new file mode 100644 index 000000000000..fe4b123187b8 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_sockmap_mutate.c @@ -0,0 +1,187 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include + +#include "bpf_misc.h" + +#define __always_unused __attribute__((unused)) + +char _license[] SEC("license") = "GPL"; + +struct sock { +} __attribute__((preserve_access_index)); + +struct bpf_iter__sockmap { + union { + struct sock *sk; + }; +} __attribute__((preserve_access_index)); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKHASH); + __uint(max_entries, 1); + __type(key, int); + __type(value, int); +} sockhash SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKMAP); + __uint(max_entries, 1); + __type(key, int); + __type(value, int); +} sockmap SEC(".maps"); + +enum { CG_OK = 1 }; + +int zero = 0; + +static __always_inline void test_sockmap_delete(void) +{ + bpf_map_delete_elem(&sockmap, &zero); + bpf_map_delete_elem(&sockhash, &zero); +} + +static __always_inline void test_sockmap_update(void *sk) +{ + if (sk) { + bpf_map_update_elem(&sockmap, &zero, sk, BPF_ANY); + bpf_map_update_elem(&sockhash, &zero, sk, BPF_ANY); + } +} + +static __always_inline void test_sockmap_lookup_and_update(void) +{ + struct bpf_sock *sk = bpf_map_lookup_elem(&sockmap, &zero); + + if (sk) { + test_sockmap_update(sk); + bpf_sk_release(sk); + } +} + +static __always_inline void test_sockmap_mutate(void *sk) +{ + test_sockmap_delete(); + test_sockmap_update(sk); +} + +static __always_inline void test_sockmap_lookup_and_mutate(void) +{ + test_sockmap_delete(); + test_sockmap_lookup_and_update(); +} + +SEC("action") +__success +int test_sched_act(struct __sk_buff *skb) +{ + test_sockmap_mutate(skb->sk); + return 0; +} + +SEC("classifier") +__success +int test_sched_cls(struct __sk_buff *skb) +{ + test_sockmap_mutate(skb->sk); + return 0; +} + +SEC("flow_dissector") +__success +int test_flow_dissector_delete(struct __sk_buff *skb __always_unused) +{ + test_sockmap_delete(); + return 0; +} + +SEC("flow_dissector") +__failure __msg("program of this type cannot use helper bpf_sk_release") +int test_flow_dissector_update(struct __sk_buff *skb __always_unused) +{ + test_sockmap_lookup_and_update(); /* no access to skb->sk */ + return 0; +} + +SEC("iter/sockmap") +__success +int test_trace_iter(struct bpf_iter__sockmap *ctx) +{ + test_sockmap_mutate(ctx->sk); + return 0; +} + +SEC("raw_tp/kfree") +__failure __msg("cannot update sockmap in this context") +int test_raw_tp_delete(const void *ctx __always_unused) +{ + test_sockmap_delete(); + return 0; +} + +SEC("raw_tp/kfree") +__failure __msg("cannot update sockmap in this context") +int test_raw_tp_update(const void *ctx __always_unused) +{ + test_sockmap_lookup_and_update(); + return 0; +} + +SEC("sk_lookup") +__success +int test_sk_lookup(struct bpf_sk_lookup *ctx) +{ + test_sockmap_mutate(ctx->sk); + return 0; +} + +SEC("sk_reuseport") +__success +int test_sk_reuseport(struct sk_reuseport_md *ctx) +{ + test_sockmap_mutate(ctx->sk); + return 0; +} + +SEC("socket") +__success +int test_socket_filter(struct __sk_buff *skb) +{ + test_sockmap_mutate(skb->sk); + return 0; +} + +SEC("sockops") +__success +int test_sockops_delete(struct bpf_sock_ops *ctx __always_unused) +{ + test_sockmap_delete(); + return CG_OK; +} + +SEC("sockops") +__failure __msg("cannot update sockmap in this context") +int test_sockops_update(struct bpf_sock_ops *ctx) +{ + test_sockmap_update(ctx->sk); + return CG_OK; +} + +SEC("sockops") +__success +int test_sockops_update_dedicated(struct bpf_sock_ops *ctx) +{ + bpf_sock_map_update(ctx, &sockmap, &zero, BPF_ANY); + bpf_sock_hash_update(ctx, &sockhash, &zero, BPF_ANY); + return CG_OK; +} + +SEC("xdp") +__success +int test_xdp(struct xdp_md *ctx __always_unused) +{ + test_sockmap_lookup_and_mutate(); + return XDP_PASS; +}