From: Paul Moore <paul@paul-moore.com>
To: Stanislav Fomichev <sdf@google.com>
Cc: linux-audit@redhat.com, bpf@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
Burn Alting <burn.alting@iinet.net.au>
Subject: Re: [PATCH] bpf: restore the ebpf audit UNLOAD id field
Date: Fri, 23 Dec 2022 10:30:08 -0500 [thread overview]
Message-ID: <CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com> (raw)
In-Reply-To: <CAKH8qBszD=PYO_nVjYUTnj7UXVcBvA95meULQGs53eyo9xfD+A@mail.gmail.com>
On Thu, Dec 22, 2022 at 4:28 PM Stanislav Fomichev <sdf@google.com> wrote:
> On Thu, Dec 22, 2022 at 12:07 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Thu, Dec 22, 2022 at 2:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Thu, Dec 22, 2022 at 2:40 PM <sdf@google.com> wrote:
> > > > On 12/22, Paul Moore wrote:
> > > > > On Thu, Dec 22, 2022 at 12:19 PM <sdf@google.com> wrote:
> > > > > > On 12/21, Paul Moore wrote:
...
> > > FWIW, the currently-work-in-progress v2 patch adds a getter for the ID
> > > with a WARN() check to flag callers who are trying to access a
> > > bad/free'd bpf_prog. Unfortunately it touches a decent chunk of code,
> > > but I think it might be a nice additional check at runtime.
> > >
> > > +u32 bpf_prog_get_id(const struct bpf_prog *prog)
> > > +{
> > > + if (WARN(!prog->valid_id, "Attempting to use invalid eBPF program"))
> > > + return 0;
> > > + return prog->aux->__id;
> > > +}
> >
> > I should add that the getter is currently a static inline in bpf.h.
>
> I don't see why we need to WARN on !valid_id, but I might be missing something.
> There are no places currently where we report 'id == 0' to the
> userspace, so we only need to take care of the offloaded case that
> resets id to zero early (instead of resetting it during regular
> __bpf_prog_put path).
I put the WARN there, in place of a normal 'if (!prog->valid_id)', as
an extra runtime check/debug-tool for those who have CONFIG_BUG
enabled. I'm sure everything works properly now with respect to not
using a bpf_prog reference after it has been free'd/released, but
mistakes do happen - look at the regression/bug that started this
thread :)
If you really don't want the WARN() there, I can replace it with the
simple '!prog->valid_id' check, let me know. It's your code, you
should maintain it how you want; I just want to make sure we are
generating audit records correctly.
> > > > > I'm not seeing any other comments, so I'll go ahead with putting
> > > > > together a v2 that sets an invalid flag/bit and I'll post that for
> > > > > further discussion/review.
--
paul-moore.com
WARNING: multiple messages have this Message-ID (diff)
From: Paul Moore <paul@paul-moore.com>
To: Stanislav Fomichev <sdf@google.com>
Cc: bpf@vger.kernel.org, linux-audit@redhat.com,
Burn Alting <burn.alting@iinet.net.au>,
Alexei Starovoitov <ast@kernel.org>
Subject: Re: [PATCH] bpf: restore the ebpf audit UNLOAD id field
Date: Fri, 23 Dec 2022 10:30:08 -0500 [thread overview]
Message-ID: <CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com> (raw)
In-Reply-To: <CAKH8qBszD=PYO_nVjYUTnj7UXVcBvA95meULQGs53eyo9xfD+A@mail.gmail.com>
On Thu, Dec 22, 2022 at 4:28 PM Stanislav Fomichev <sdf@google.com> wrote:
> On Thu, Dec 22, 2022 at 12:07 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Thu, Dec 22, 2022 at 2:59 PM Paul Moore <paul@paul-moore.com> wrote:
> > > On Thu, Dec 22, 2022 at 2:40 PM <sdf@google.com> wrote:
> > > > On 12/22, Paul Moore wrote:
> > > > > On Thu, Dec 22, 2022 at 12:19 PM <sdf@google.com> wrote:
> > > > > > On 12/21, Paul Moore wrote:
...
> > > FWIW, the currently-work-in-progress v2 patch adds a getter for the ID
> > > with a WARN() check to flag callers who are trying to access a
> > > bad/free'd bpf_prog. Unfortunately it touches a decent chunk of code,
> > > but I think it might be a nice additional check at runtime.
> > >
> > > +u32 bpf_prog_get_id(const struct bpf_prog *prog)
> > > +{
> > > + if (WARN(!prog->valid_id, "Attempting to use invalid eBPF program"))
> > > + return 0;
> > > + return prog->aux->__id;
> > > +}
> >
> > I should add that the getter is currently a static inline in bpf.h.
>
> I don't see why we need to WARN on !valid_id, but I might be missing something.
> There are no places currently where we report 'id == 0' to the
> userspace, so we only need to take care of the offloaded case that
> resets id to zero early (instead of resetting it during regular
> __bpf_prog_put path).
I put the WARN there, in place of a normal 'if (!prog->valid_id)', as
an extra runtime check/debug-tool for those who have CONFIG_BUG
enabled. I'm sure everything works properly now with respect to not
using a bpf_prog reference after it has been free'd/released, but
mistakes do happen - look at the regression/bug that started this
thread :)
If you really don't want the WARN() there, I can replace it with the
simple '!prog->valid_id' check, let me know. It's your code, you
should maintain it how you want; I just want to make sure we are
generating audit records correctly.
> > > > > I'm not seeing any other comments, so I'll go ahead with putting
> > > > > together a v2 that sets an invalid flag/bit and I'll post that for
> > > > > further discussion/review.
--
paul-moore.com
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
next prev parent reply other threads:[~2022-12-23 15:30 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-22 0:13 [PATCH] bpf: restore the ebpf audit UNLOAD id field Paul Moore
2022-12-22 0:13 ` Paul Moore
2022-12-22 17:19 ` sdf
2022-12-22 17:19 ` sdf
2022-12-22 19:03 ` Paul Moore
2022-12-22 19:03 ` Paul Moore
2022-12-22 19:40 ` sdf
2022-12-22 19:40 ` sdf
2022-12-22 19:59 ` Paul Moore
2022-12-22 19:59 ` Paul Moore
2022-12-22 20:07 ` Paul Moore
2022-12-22 20:07 ` Paul Moore
2022-12-22 21:27 ` Stanislav Fomichev
2022-12-22 21:27 ` Stanislav Fomichev
2022-12-23 15:30 ` Paul Moore [this message]
2022-12-23 15:30 ` Paul Moore
2022-12-22 23:20 ` Jiri Olsa
2022-12-22 23:20 ` Jiri Olsa
2022-12-23 15:37 ` Paul Moore
2022-12-23 15:37 ` Paul Moore
2022-12-23 15:58 ` Paul Moore
2022-12-23 15:58 ` Paul Moore
2022-12-23 18:03 ` Jiri Olsa
2022-12-23 18:03 ` Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHC9VhTdRC8VqrnnHaM=jBtrgdb2KrqM7-4Z==qcQTosbXfJMg@mail.gmail.com' \
--to=paul@paul-moore.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=burn.alting@iinet.net.au \
--cc=linux-audit@redhat.com \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.