* [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug
@ 2023-09-27 4:50 ruowenq2
2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2
2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf
0 siblings, 2 replies; 8+ messages in thread
From: ruowenq2 @ 2023-09-27 4:50 UTC (permalink / raw)
To: bpf; +Cc: ast, daniel, andrii, jinghao7, keescook, Ruowen Qin
From: Ruowen Qin <ruowenq2@illinois.edu>
Thanks to Alexei, patch 2/3 and 3/3 from v2 have been upstreamed. v3
primarily addresses scenarios where the compiler lacks ubsan support.
There are currently 6 BPF programs in syscall_tp_kern but the array to
hold the corresponding bpf_links in syscall_tp_user only has space for 4
programs, given the array size is hardcoded. This causes the sample
program to fail due to an out-of-bound access that corrupts other stack
variables:
# ./syscall_tp
prog #0: map ids 4 5
verify map:4 val: 5
map_lookup failed: Bad file descriptor
This patch series aims to solve this issue for now and for the future.
It first adds the -fsanitize=bounds flag to make similar bugs more
obvious at runtime. It then refactors syscall_tp_user to retrieve the
number of programs from the bpf_object and dynamically allocate the
array of bpf_links to avoid inconsistencies from hardcoding.
Changelog:
---
v2 -> v3
v2: https://lore.kernel.org/all/20230917214220.637721-1-jinghao7@illinois.edu/
* Address feddback from Alexei
* Make the makefile smarter to detect the presence of ubsan in the compiler.
v1 -> v2
v1: https://lore.kernel.org/all/20230818164643.97782-1-jinghao@linux.ibm.com/
* Address feedback from Daniel
* Add missing NULL check for calloc return value.
* Remove the extra operation that sets links pointer to NULL after free.
Ruowen Qin (1):
samples/bpf: Add -fsanitize=bounds to userspace programs
samples/bpf/Makefile | 3 +++
1 file changed, 3 insertions(+)
--
2.42.0
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2
@ 2023-09-27 4:50 ` ruowenq2
2023-09-27 11:03 ` Jiri Olsa
2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf
1 sibling, 1 reply; 8+ messages in thread
From: ruowenq2 @ 2023-09-27 4:50 UTC (permalink / raw)
To: bpf
Cc: ast, daniel, andrii, jinghao7, keescook, Ruowen Qin, Mimi Zohar,
Jinghao Jia
From: Ruowen Qin <ruowenq2@illinois.edu>
The sanitizer flag, which is supported by both clang and gcc, would make
it easier to debug array index out-of-bounds problems in these programs.
Make the Makfile smarter to detect ubsan support from the compiler and
add the '-fsanitize=bounds' accordingly.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
---
samples/bpf/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index 6c707ebcebb9..90af76fa9dd8 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -169,6 +169,9 @@ endif
TPROGS_CFLAGS += -Wall -O2
TPROGS_CFLAGS += -Wmissing-prototypes
TPROGS_CFLAGS += -Wstrict-prototypes
+TPROGS_CFLAGS += $(call try-run,\
+ printf "int main() { return 0; }" |\
+ $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
TPROGS_CFLAGS += -I$(objtree)/usr/include
TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
--
2.42.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2
@ 2023-09-27 11:03 ` Jiri Olsa
2023-09-27 23:19 ` ruowenq2
0 siblings, 1 reply; 8+ messages in thread
From: Jiri Olsa @ 2023-09-27 11:03 UTC (permalink / raw)
To: ruowenq2
Cc: bpf, ast, daniel, andrii, jinghao7, keescook, Mimi Zohar, Jinghao Jia
On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote:
> From: Ruowen Qin <ruowenq2@illinois.edu>
>
> The sanitizer flag, which is supported by both clang and gcc, would make
> it easier to debug array index out-of-bounds problems in these programs.
>
> Make the Makfile smarter to detect ubsan support from the compiler and
> add the '-fsanitize=bounds' accordingly.
>
> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
> ---
> samples/bpf/Makefile | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
> index 6c707ebcebb9..90af76fa9dd8 100644
> --- a/samples/bpf/Makefile
> +++ b/samples/bpf/Makefile
> @@ -169,6 +169,9 @@ endif
> TPROGS_CFLAGS += -Wall -O2
> TPROGS_CFLAGS += -Wmissing-prototypes
> TPROGS_CFLAGS += -Wstrict-prototypes
> +TPROGS_CFLAGS += $(call try-run,\
> + printf "int main() { return 0; }" |\
> + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
I haven't checked deeply, but could we use just cc-option? looks simpler
TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds)
jirka
>
> TPROGS_CFLAGS += -I$(objtree)/usr/include
> TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
> --
> 2.42.0
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-27 11:03 ` Jiri Olsa
@ 2023-09-27 23:19 ` ruowenq2
2023-09-28 8:15 ` Jiri Olsa
0 siblings, 1 reply; 8+ messages in thread
From: ruowenq2 @ 2023-09-27 23:19 UTC (permalink / raw)
To: Jiri Olsa, bpf, ast, daniel, andrii, jinghao7, keescook,
Mimi Zohar, Jinghao Jia
On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote:
> On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote:
> > From: Ruowen Qin <ruowenq2@illinois.edu>
> >
> > The sanitizer flag, which is supported by both clang and gcc, would make
> > it easier to debug array index out-of-bounds problems in these programs.
> >
> > Make the Makfile smarter to detect ubsan support from the compiler and
> > add the '-fsanitize=bounds' accordingly.
> >
> > Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
> > Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
> > Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
> > Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
> > ---
> > samples/bpf/Makefile | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
> > index 6c707ebcebb9..90af76fa9dd8 100644
> > --- a/samples/bpf/Makefile
> > +++ b/samples/bpf/Makefile
> > @@ -169,6 +169,9 @@ endif
> > TPROGS_CFLAGS += -Wall -O2
> > TPROGS_CFLAGS += -Wmissing-prototypes
> > TPROGS_CFLAGS += -Wstrict-prototypes
> > +TPROGS_CFLAGS += $(call try-run,\
> > + printf "int main() { return 0; }" |\
> > + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
>
> I haven't checked deeply, but could we use just cc-option? looks simpler
>
> TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds)
>
> jirka
Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way.
Ruowen
> >
> > TPROGS_CFLAGS += -I$(objtree)/usr/include
> > TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
> > --
> > 2.42.0
> >
> >
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-27 23:19 ` ruowenq2
@ 2023-09-28 8:15 ` Jiri Olsa
2023-09-28 9:19 ` Jinghao Jia
0 siblings, 1 reply; 8+ messages in thread
From: Jiri Olsa @ 2023-09-28 8:15 UTC (permalink / raw)
To: ruowenq2
Cc: Jiri Olsa, bpf, ast, daniel, andrii, jinghao7, keescook,
Mimi Zohar, Jinghao Jia
On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote:
>
>
> On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote:
> > On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote:
> > > From: Ruowen Qin <ruowenq2@illinois.edu>
> > >
> > > The sanitizer flag, which is supported by both clang and gcc, would make
> > > it easier to debug array index out-of-bounds problems in these programs.
> > >
> > > Make the Makfile smarter to detect ubsan support from the compiler and
> > > add the '-fsanitize=bounds' accordingly.
> > >
> > > Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
> > > Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
> > > Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
> > > Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
> > > ---
> > > samples/bpf/Makefile | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
> > > index 6c707ebcebb9..90af76fa9dd8 100644
> > > --- a/samples/bpf/Makefile
> > > +++ b/samples/bpf/Makefile
> > > @@ -169,6 +169,9 @@ endif
> > > TPROGS_CFLAGS += -Wall -O2
> > > TPROGS_CFLAGS += -Wmissing-prototypes
> > > TPROGS_CFLAGS += -Wstrict-prototypes
> > > +TPROGS_CFLAGS += $(call try-run,\
> > > + printf "int main() { return 0; }" |\
> > > + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
> >
> > I haven't checked deeply, but could we use just cc-option? looks simpler
> >
> > TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds)
> >
> > jirka
>
> Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way.
I see, there's also ld-option, would that work?
jirka
>
> Ruowen
>
> > > > TPROGS_CFLAGS += -I$(objtree)/usr/include
> > > TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
> > > -- > 2.42.0
> > >
> > >
> >
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-28 8:15 ` Jiri Olsa
@ 2023-09-28 9:19 ` Jinghao Jia
2023-09-28 14:03 ` Jiri Olsa
0 siblings, 1 reply; 8+ messages in thread
From: Jinghao Jia @ 2023-09-28 9:19 UTC (permalink / raw)
To: Jiri Olsa, ruowenq2
Cc: bpf, ast, daniel, andrii, keescook, Mimi Zohar, Jinghao Jia
On 9/28/23 3:15 AM, Jiri Olsa wrote:
> On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote:
>>
>>
>> On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote:
>>> On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote:
>>>> From: Ruowen Qin <ruowenq2@illinois.edu>
>>>>
>>>> The sanitizer flag, which is supported by both clang and gcc, would make
>>>> it easier to debug array index out-of-bounds problems in these programs.
>>>>
>>>> Make the Makfile smarter to detect ubsan support from the compiler and
>>>> add the '-fsanitize=bounds' accordingly.
>>>>
>>>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
>>>> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
>>>> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
>>>> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
>>>> ---
>>>> samples/bpf/Makefile | 3 +++
>>>> 1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
>>>> index 6c707ebcebb9..90af76fa9dd8 100644
>>>> --- a/samples/bpf/Makefile
>>>> +++ b/samples/bpf/Makefile
>>>> @@ -169,6 +169,9 @@ endif
>>>> TPROGS_CFLAGS += -Wall -O2
>>>> TPROGS_CFLAGS += -Wmissing-prototypes
>>>> TPROGS_CFLAGS += -Wstrict-prototypes
>>>> +TPROGS_CFLAGS += $(call try-run,\
>>>> + printf "int main() { return 0; }" |\
>>>> + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
>>>
>>> I haven't checked deeply, but could we use just cc-option? looks simpler
>>>
>>> TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds)
>>>
>>> jirka
>>
>> Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way.
>
> I see, there's also ld-option, would that work?
>
> jirka
>
IMHO I don't think ld-option would solve the problem. It directly sends the
flag to the linker but -fsanitize=bounds is a compiler flag, not a linker
flag.
Basically, what's special about this case is that the feature we want to
probe is behind a gcc/clang flag but we do not know whether it is supported
until link time (e.g. the sanitizer library is missing on Fedora so we get
a link error).
--Jinghao
>>
>> Ruowen
>>
>>>> > TPROGS_CFLAGS += -I$(objtree)/usr/include
>>>> TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
>>>> -- > 2.42.0
>>>>
>>>>
>>>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
2023-09-28 9:19 ` Jinghao Jia
@ 2023-09-28 14:03 ` Jiri Olsa
0 siblings, 0 replies; 8+ messages in thread
From: Jiri Olsa @ 2023-09-28 14:03 UTC (permalink / raw)
To: Jinghao Jia
Cc: Jiri Olsa, ruowenq2, bpf, ast, daniel, andrii, keescook,
Mimi Zohar, Jinghao Jia
On Thu, Sep 28, 2023 at 04:19:02AM -0500, Jinghao Jia wrote:
>
>
> On 9/28/23 3:15 AM, Jiri Olsa wrote:
> > On Wed, Sep 27, 2023 at 06:19:10PM -0500, ruowenq2@illinois.edu wrote:
> >>
> >>
> >> On 9/27/23 6:03 AM, Jiri Olsa <olsajiri@gmail.com> wrote:
> >>> On Tue, Sep 26, 2023 at 11:50:30PM -0500, ruowenq2@illinois.edu wrote:
> >>>> From: Ruowen Qin <ruowenq2@illinois.edu>
> >>>>
> >>>> The sanitizer flag, which is supported by both clang and gcc, would make
> >>>> it easier to debug array index out-of-bounds problems in these programs.
> >>>>
> >>>> Make the Makfile smarter to detect ubsan support from the compiler and
> >>>> add the '-fsanitize=bounds' accordingly.
> >>>>
> >>>> Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
> >>>> Signed-off-by: Jinghao Jia <jinghao@linux.ibm.com>
> >>>> Signed-off-by: Jinghao Jia <jinghao7@illinois.edu>
> >>>> Signed-off-by: Ruowen Qin <ruowenq2@illinois.edu>
> >>>> ---
> >>>> samples/bpf/Makefile | 3 +++
> >>>> 1 file changed, 3 insertions(+)
> >>>>
> >>>> diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
> >>>> index 6c707ebcebb9..90af76fa9dd8 100644
> >>>> --- a/samples/bpf/Makefile
> >>>> +++ b/samples/bpf/Makefile
> >>>> @@ -169,6 +169,9 @@ endif
> >>>> TPROGS_CFLAGS += -Wall -O2
> >>>> TPROGS_CFLAGS += -Wmissing-prototypes
> >>>> TPROGS_CFLAGS += -Wstrict-prototypes
> >>>> +TPROGS_CFLAGS += $(call try-run,\
> >>>> + printf "int main() { return 0; }" |\
> >>>> + $(CC) -Werror -fsanitize=bounds -x c - -o "$$TMP",-fsanitize=bounds,)
> >>>
> >>> I haven't checked deeply, but could we use just cc-option? looks simpler
> >>>
> >>> TPROGS_CFLAGS += $(call cc-option, -fsanitize=bounds)
> >>>
> >>> jirka
> >>
> >> Hi, thanks for your quick reply! When checking for flags, cc-option does not execute the linker, but on Fedora, an error appears and stating that "/usr/lib64/libubsan.so.1.0.0" cannot be found during linking. So I try this seemingly cumbersome way.
> >
> > I see, there's also ld-option, would that work?
> >
> > jirka
> >
>
> IMHO I don't think ld-option would solve the problem. It directly sends the
> flag to the linker but -fsanitize=bounds is a compiler flag, not a linker
> flag.
>
> Basically, what's special about this case is that the feature we want to
> probe is behind a gcc/clang flag but we do not know whether it is supported
> until link time (e.g. the sanitizer library is missing on Fedora so we get
> a link error).
ok, I tested on fedora, looks good
Acked-by: Jiri Olsa <jolsa@kernel.org>
Tested-by: Jiri Olsa <jolsa@kernel.org>
thanks,
jirka
>
> --Jinghao
>
> >>
> >> Ruowen
> >>
> >>>> > TPROGS_CFLAGS += -I$(objtree)/usr/include
> >>>> TPROGS_CFLAGS += -I$(srctree)/tools/testing/selftests/bpf/
> >>>> -- > 2.42.0
> >>>>
> >>>>
> >>>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug
2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2
2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2
@ 2023-09-28 16:40 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 8+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-09-28 16:40 UTC (permalink / raw)
To: None; +Cc: bpf, ast, daniel, andrii, jinghao7, keescook
Hello:
This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:
On Tue, 26 Sep 2023 23:50:29 -0500 you wrote:
> From: Ruowen Qin <ruowenq2@illinois.edu>
>
> Thanks to Alexei, patch 2/3 and 3/3 from v2 have been upstreamed. v3
> primarily addresses scenarios where the compiler lacks ubsan support.
>
> There are currently 6 BPF programs in syscall_tp_kern but the array to
> hold the corresponding bpf_links in syscall_tp_user only has space for 4
> programs, given the array size is hardcoded. This causes the sample
> program to fail due to an out-of-bound access that corrupts other stack
> variables:
>
> [...]
Here is the summary with links:
- [bpf-next,v3,1/1] samples/bpf: Add -fsanitize=bounds to userspace programs
https://git.kernel.org/bpf/bpf-next/c/9e09b75079e2
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-09-28 16:40 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-27 4:50 [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug ruowenq2
2023-09-27 4:50 ` [PATCH bpf-next v3 1/1] samples/bpf: Add -fsanitize=bounds to userspace programs ruowenq2
2023-09-27 11:03 ` Jiri Olsa
2023-09-27 23:19 ` ruowenq2
2023-09-28 8:15 ` Jiri Olsa
2023-09-28 9:19 ` Jinghao Jia
2023-09-28 14:03 ` Jiri Olsa
2023-09-28 16:40 ` [PATCH bpf-next v3 0/1] samples/bpf: syscall_tp_user: Refactor and fix array index out-of-bounds bug patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).