From: Hao Luo <haoluo@google.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Andrii Nakryiko <andrii@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>
Cc: KP Singh <kpsingh@kernel.org>,
	bpf@vger.kernel.org, Hao Luo <haoluo@google.com>
Subject: [PATCH bpf-next v2 0/3] bpf: Prevent writing read-only memory
Date: Mon, 25 Oct 2021 16:12:53 -0700
Message-ID: <20211025231256.4030142-1-haoluo@google.com>

Currently there are two ways to modify kernel memory in bpf programs:
 1. Declare a ksym of scalar type and directly modify its memory.
 2. Pass a RDONLY_BUF into a helper function which will override
 its arguments. For example, bpf_d_path, bpf_snprintf.

This patchset fixes these two problems. For the first, we introduce a
new reg type PTR_TO_RDONLY_MEM for the scalar typed ksym, which forbids
writing. Second, we introduce a new arg type ARG_PTR_TO_WRITABLE_MEM,
which is a proper subset of the ARG_PTR_TO_MEM and includes only those
reg types that are writable. For helper functions that may override their
arguments, they should use ARG_PTR_TO_WRITABLE_MEM. For other helper
functions, they can continue using ARG_PTR_TO_MEM.

There is an alternative solution to the second problem, that is, an
ARG_PTR_TO_CONST_MEM, which represents the current ARG_PTR_TO_MEM, and
ARG_PTR_TO_MEM, which represents the ARG_PTR_TO_WRITABLE_MEM in this
patchset. But I find the naming here is too confusing. Most of the
helper functions should not override their arguments, therefore, using
ARG_PTR_TO_MEM sounds natural.

Hao Luo (3):
  bpf: Prevent write to ksym memory
  bpf: Introduce ARG_PTR_TO_WRITABLE_MEM
  bpf/selftests: Test PTR_TO_RDONLY_MEM

 include/linux/bpf.h                           | 15 +++++-
 include/uapi/linux/bpf.h                      |  4 +-
 kernel/bpf/cgroup.c                           |  2 +-
 kernel/bpf/helpers.c                          |  6 +--
 kernel/bpf/verifier.c                         | 54 ++++++++++++++++---
 kernel/trace/bpf_trace.c                      |  6 +--
 net/core/filter.c                             |  6 +--
 tools/include/uapi/linux/bpf.h                |  4 +-
 .../selftests/bpf/prog_tests/ksyms_btf.c      | 14 +++++
 .../bpf/progs/test_ksyms_btf_write_check.c    | 29 ++++++++++
 10 files changed, 116 insertions(+), 24 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf_write_check.c

-- 
2.33.0.1079.g6e70778dc9-goog
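
The two checks described in the cover letter, as an added user-space toy model (not code from this patchset or from the kernel verifier). The OP_* opcodes, struct insn and verify() are hypothetical, and the register-type set is reduced to the types needed to show both cases.

```c
#include <stddef.h>
#include <stdio.h>

/* Reduced model: the kernel verifier tracks many more register types. */
enum reg_type { SCALAR_VALUE, PTR_TO_MEM, PTR_TO_RDONLY_MEM, PTR_TO_RDONLY_BUF };
enum arg_type { ARG_PTR_TO_MEM, ARG_PTR_TO_WRITABLE_MEM };
enum op { OP_SET_TYPE, OP_LOAD, OP_STORE, OP_CALL };	/* hypothetical opcodes */
struct insn { enum op op; int reg; int operand; };	/* operand: reg_type or arg_type */

static int reg_is_writable(enum reg_type t) { return t == PTR_TO_MEM; }

/* ARG_PTR_TO_WRITABLE_MEM accepts a proper subset of what ARG_PTR_TO_MEM accepts. */
static int arg_accepts(enum arg_type a, enum reg_type t)
{
	if (t == SCALAR_VALUE)
		return 0;
	return a == ARG_PTR_TO_MEM || reg_is_writable(t);
}

/* Returns -1 if the program is accepted, else the index of the rejected insn. */
int verify(const struct insn *prog, size_t n)
{
	enum reg_type regs[4] = { SCALAR_VALUE, SCALAR_VALUE, SCALAR_VALUE, SCALAR_VALUE };

	for (size_t i = 0; i < n; i++) {
		int r = prog[i].reg, v = prog[i].operand, ok = r >= 0 && r < 4;

		if (ok && prog[i].op == OP_SET_TYPE)
			regs[r] = (enum reg_type)v;
		else if (ok && prog[i].op == OP_LOAD)
			ok = regs[r] != SCALAR_VALUE;
		else if (ok && prog[i].op == OP_STORE)	/* fix 1: no store via read-only ptr */
			ok = reg_is_writable(regs[r]);
		else if (ok && prog[i].op == OP_CALL)	/* fix 2: helper states its intent */
			ok = arg_accepts((enum arg_type)v, regs[r]);
		if (!ok)
			return (int)i;
	}
	return -1;
}

/* Constructed sample programs, one per case in the cover letter. */
const struct insn ksym_write[] = { {OP_SET_TYPE, 1, PTR_TO_RDONLY_MEM}, {OP_LOAD, 1, 0}, {OP_STORE, 1, 0} };
const struct insn helper_write[] = { {OP_SET_TYPE, 1, PTR_TO_RDONLY_BUF}, {OP_CALL, 1, ARG_PTR_TO_MEM}, {OP_CALL, 1, ARG_PTR_TO_WRITABLE_MEM} };
const struct insn writable[] = { {OP_SET_TYPE, 1, PTR_TO_MEM}, {OP_STORE, 1, 0}, {OP_CALL, 1, ARG_PTR_TO_WRITABLE_MEM} };

int main(void)
{
	printf("%d %d %d\n", verify(ksym_write, 3), verify(helper_write, 3), verify(writable, 3));
	return 0;
}
```

In this model the read through the ksym pointer and the ARG_PTR_TO_MEM helper call are accepted, and only the store and the ARG_PTR_TO_WRITABLE_MEM call on read-only memory are rejected.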


Thread overview: 15+ messages
2021-10-25 23:12 Hao Luo [this message]
2021-10-25 23:12 ` [PATCH bpf-next 1/3] bpf: Prevent write to ksym memory Hao Luo
2021-10-25 23:12 ` [PATCH bpf-next v2 2/3] bpf: Introduce ARG_PTR_TO_WRITABLE_MEM Hao Luo
2021-10-26  3:48   ` Alexei Starovoitov
2021-10-26  5:14     ` Andrii Nakryiko
2021-10-26 17:59       ` Alexei Starovoitov
2021-10-26 18:13         ` Hao Luo
2021-10-26 18:44         ` Andrii Nakryiko
2021-10-26 19:22           ` Alexei Starovoitov
2021-10-26 21:24             ` Andrii Nakryiko
2021-10-26  5:06   ` Andrii Nakryiko
2021-10-26 17:51     ` Hao Luo
2021-10-26 18:53       ` Andrii Nakryiko
2021-10-26 20:00         ` Hao Luo
2021-10-25 23:12 ` [PATCH bpf-next v2 3/3] bpf/selftests: Test PTR_TO_RDONLY_MEM Hao Luo
