From: Andrii Nakryiko <andrii.nakryiko@gmail.com>
To: Tony Ambardar <tony.ambardar@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
	linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH bpf v1 1/3] bpf: fix sysfs export of empty BTF section
Date: Mon, 21 Sep 2020 12:21:20 -0700
Message-ID: <CAEf4BzYzVzWEePW6H=2NXY1egeYn4VFVWpnP9EZgqKd+ckZLeg@mail.gmail.com>
In-Reply-To: <b38db205a66238f70823039a8c531535864eaac5.1600417359.git.Tony.Ambardar@gmail.com>

On Sat, Sep 19, 2020 at 10:05 PM Tony Ambardar <tony.ambardar@gmail.com> wrote:
>
> If BTF data is missing or removed from the ELF section it is still exported
> via sysfs as a zero-length file:
>
>   root@OpenWrt:/# ls -l /sys/kernel/btf/vmlinux
>   -r--r--r--    1 root    root    0 Jul 18 02:59 /sys/kernel/btf/vmlinux
>
> Moreover, reads from this file succeed and leak kernel data:
>
>   root@OpenWrt:/# hexdump -C /sys/kernel/btf/vmlinux|head -10
>   000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
>   *
>   000cc0 00 00 00 00 00 00 00 00 00 00 00 00 80 83 b0 80 |................|
>   000cd0 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
>   000ce0 00 00 00 00 00 00 00 00 00 00 00 00 57 ac 6e 9d |............W.n.|
>   000cf0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
>   *
>   002650 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 01 |................|
>   002660 80 82 9a c4 80 85 97 80 81 a9 51 68 00 00 00 02 |..........Qh....|
>   002670 80 25 44 dc 80 85 97 80 81 a9 50 24 81 ab c4 60 |.%D.......P$...`|
>
> This situation was first observed with kernel 5.4.x, cross-compiled for a
> MIPS target system. Fix by adding a sanity-check for export of zero-length
> data sections.
>
> Fixes: 341dfcf8d78e ("btf: expose BTF info through sysfs")
>
> Signed-off-by: Tony Ambardar <Tony.Ambardar@gmail.com>
> ---

Apparently the sysfs infrastructure doesn't validate the read position and
size when a bin_attribute's size is 0, and just expects the read callback to
handle such a situation explicitly. Preventing the sysfs entry from
registering seems like a good solution. Thanks!

Acked-by: Andrii Nakryiko <andriin@fb.com>

>  kernel/bpf/sysfs_btf.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/bpf/sysfs_btf.c b/kernel/bpf/sysfs_btf.c
> index 3b495773de5a..11b3380887fa 100644
> --- a/kernel/bpf/sysfs_btf.c
> +++ b/kernel/bpf/sysfs_btf.c
> @@ -30,15 +30,15 @@ static struct kobject *btf_kobj;
>
>  static int __init btf_vmlinux_init(void)
>  {
> -       if (!__start_BTF)
> +       bin_attr_btf_vmlinux.size = __stop_BTF - __start_BTF;
> +
> +       if (!__start_BTF || bin_attr_btf_vmlinux.size == 0)
>                 return 0;
>
>         btf_kobj = kobject_create_and_add("btf", kernel_kobj);
>         if (!btf_kobj)
>                 return -ENOMEM;
>
> -       bin_attr_btf_vmlinux.size = __stop_BTF - __start_BTF;
> -
>         return sysfs_create_bin_file(btf_kobj, &bin_attr_btf_vmlinux);
>  }
>
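
Review bot: the new early return on `if (!__start_BTF || bin_attr_btf_vmlinux.size == 0)` carries no comment saying why a zero-length section must not be registered, and the reason (reads from the zero-length file succeed and return kernel data, per the hexdump in the changelog) lives only in the commit message. A one-line comment above the check would keep a later cleanup from moving the size assignment back below kobject_create_and_add(). Separately, the size is now computed before __start_BTF is tested; since the check only needs to know whether the section is empty, testing `__start_BTF == __stop_BTF` there and leaving the assignment next to sysfs_create_bin_file() would make the intent clearer. The function also still returns 0 silently in this case, so a user with a stripped .BTF section gets no hint why /sys/kernel/btf is absent; a pr_debug() or similar on that path would help.
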
> --
> 2.25.1
>
