From: Paul Moore <paul@paul-moore.com> To: Stanislav Fomichev <sdf@google.com> Cc: linux-audit@redhat.com, bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>, Burn Alting <burn.alting@iinet.net.au> Subject: Re: [PATCH] bpf: restore the ebpf audit UNLOAD id field Date: Fri, 23 Dec 2022 10:30:08 -0500 [thread overview] Message-ID: <CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com> (raw) In-Reply-To: <CAKH8qBszD=PYO_nVjYUTnj7UXVcBvA95meULQGs53eyo9xfD+A@mail.gmail.com> On Thu, Dec 22, 2022 at 4:28 PM Stanislav Fomichev <sdf@google.com> wrote: > On Thu, Dec 22, 2022 at 12:07 PM Paul Moore <paul@paul-moore.com> wrote: > > On Thu, Dec 22, 2022 at 2:59 PM Paul Moore <paul@paul-moore.com> wrote: > > > On Thu, Dec 22, 2022 at 2:40 PM <sdf@google.com> wrote: > > > > On 12/22, Paul Moore wrote: > > > > > On Thu, Dec 22, 2022 at 12:19 PM <sdf@google.com> wrote: > > > > > > On 12/21, Paul Moore wrote: ... > > > FWIW, the currently-work-in-progress v2 patch adds a getter for the ID > > > with a WARN() check to flag callers who are trying to access a > > > bad/free'd bpf_prog. Unfortunately it touches a decent chunk of code, > > > but I think it might be a nice additional check at runtime. > > > > > > +u32 bpf_prog_get_id(const struct bpf_prog *prog) > > > +{ > > > + if (WARN(!prog->valid_id, "Attempting to use invalid eBPF program")) > > > + return 0; > > > + return prog->aux->__id; > > > +} > > > > I should add that the getter is currently a static inline in bpf.h. > > I don't see why we need to WARN on !valid_id, but I might be missing something. > There are no places currently where we report 'id == 0' to the > userspace, so we only need to take care of the offloaded case that > resets id to zero early (instead of resetting it during regular > __bpf_prog_put path). I put the WARN there, in place of a normal 'if (!prog->valid_id)', as an extra runtime check/debug-tool for those who have CONFIG_BUG enabled. I'm sure everything works properly now with respect to not using a bpf_prog reference after it has been free'd/released, but mistakes do happen - look at the regression/bug that started this thread :) If you really don't want the WARN() there, I can replace it with the simple '!prog->valid_id' check, let me know. It's your code, you should maintain it how you want; I just want to make sure we are generating audit records correctly. > > > > > I'm not seeing any other comments, so I'll go ahead with putting > > > > > together a v2 that sets an invalid flag/bit and I'll post that for > > > > > further discussion/review. -- paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com> To: Stanislav Fomichev <sdf@google.com> Cc: bpf@vger.kernel.org, linux-audit@redhat.com, Burn Alting <burn.alting@iinet.net.au>, Alexei Starovoitov <ast@kernel.org> Subject: Re: [PATCH] bpf: restore the ebpf audit UNLOAD id field Date: Fri, 23 Dec 2022 10:30:08 -0500 [thread overview] Message-ID: <CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com> (raw) In-Reply-To: <CAKH8qBszD=PYO_nVjYUTnj7UXVcBvA95meULQGs53eyo9xfD+A@mail.gmail.com> On Thu, Dec 22, 2022 at 4:28 PM Stanislav Fomichev <sdf@google.com> wrote: > On Thu, Dec 22, 2022 at 12:07 PM Paul Moore <paul@paul-moore.com> wrote: > > On Thu, Dec 22, 2022 at 2:59 PM Paul Moore <paul@paul-moore.com> wrote: > > > On Thu, Dec 22, 2022 at 2:40 PM <sdf@google.com> wrote: > > > > On 12/22, Paul Moore wrote: > > > > > On Thu, Dec 22, 2022 at 12:19 PM <sdf@google.com> wrote: > > > > > > On 12/21, Paul Moore wrote: ... > > > FWIW, the currently-work-in-progress v2 patch adds a getter for the ID > > > with a WARN() check to flag callers who are trying to access a > > > bad/free'd bpf_prog. Unfortunately it touches a decent chunk of code, > > > but I think it might be a nice additional check at runtime. > > > > > > +u32 bpf_prog_get_id(const struct bpf_prog *prog) > > > +{ > > > + if (WARN(!prog->valid_id, "Attempting to use invalid eBPF program")) > > > + return 0; > > > + return prog->aux->__id; > > > +} > > > > I should add that the getter is currently a static inline in bpf.h. > > I don't see why we need to WARN on !valid_id, but I might be missing something. > There are no places currently where we report 'id == 0' to the > userspace, so we only need to take care of the offloaded case that > resets id to zero early (instead of resetting it during regular > __bpf_prog_put path). I put the WARN there, in place of a normal 'if (!prog->valid_id)', as an extra runtime check/debug-tool for those who have CONFIG_BUG enabled. I'm sure everything works properly now with respect to not using a bpf_prog reference after it has been free'd/released, but mistakes do happen - look at the regression/bug that started this thread :) If you really don't want the WARN() there, I can replace it with the simple '!prog->valid_id' check, let me know. It's your code, you should maintain it how you want; I just want to make sure we are generating audit records correctly. > > > > > I'm not seeing any other comments, so I'll go ahead with putting > > > > > together a v2 that sets an invalid flag/bit and I'll post that for > > > > > further discussion/review. -- paul-moore.com -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2022-12-23 15:30 UTC|newest] Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-12-22 0:13 [PATCH] bpf: restore the ebpf audit UNLOAD id field Paul Moore 2022-12-22 0:13 ` Paul Moore 2022-12-22 17:19 ` sdf 2022-12-22 17:19 ` sdf 2022-12-22 19:03 ` Paul Moore 2022-12-22 19:03 ` Paul Moore 2022-12-22 19:40 ` sdf 2022-12-22 19:40 ` sdf 2022-12-22 19:59 ` Paul Moore 2022-12-22 19:59 ` Paul Moore 2022-12-22 20:07 ` Paul Moore 2022-12-22 20:07 ` Paul Moore 2022-12-22 21:27 ` Stanislav Fomichev 2022-12-22 21:27 ` Stanislav Fomichev 2022-12-23 15:30 ` Paul Moore [this message] 2022-12-23 15:30 ` Paul Moore 2022-12-22 23:20 ` Jiri Olsa 2022-12-22 23:20 ` Jiri Olsa 2022-12-23 15:37 ` Paul Moore 2022-12-23 15:37 ` Paul Moore 2022-12-23 15:58 ` Paul Moore 2022-12-23 15:58 ` Paul Moore 2022-12-23 18:03 ` Jiri Olsa 2022-12-23 18:03 ` Jiri Olsa
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com' \ --to=paul@paul-moore.com \ --cc=ast@kernel.org \ --cc=bpf@vger.kernel.org \ --cc=burn.alting@iinet.net.au \ --cc=linux-audit@redhat.com \ --cc=sdf@google.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.