* extended bpf_send_signal_thread with argument
@ 2021-01-31 11:14 Dmitry Vyukov
  2021-02-01  9:22 ` Peter Zijlstra
  0 siblings, 1 reply; 4+ messages in thread
From: Dmitry Vyukov @ 2021-01-31 11:14 UTC (permalink / raw)
  To: Steven Rostedt, Ingo Molnar, Alexei Starovoitov, Daniel Borkmann,
	andrii, Martin KaFai Lau, David Miller, kpsingh, John Fastabend,
	netdev, bpf, LKML, Peter Zijlstra

Hi,

I would like to send a signal from a bpf program invoked from a
perf_event. There is:

// kernel/trace/bpf_trace.c
BPF_CALL_1(bpf_send_signal_thread, u32, sig)

which is nice, but it does not allow me to pass any arguments.
I can use a bpf map indexed by pid to "pass" some additional info, but
it's messy and slow (and may cause some synchronization issues, I am
not sure yet).

Signals allow passing additional arguments; it would be nice to expose
this to bpf programs as well. Any objections? Do you see any potential
issues with this? On the implementation side it seems to be almost
trivial to add something like this:

BPF_CALL_2(bpf_send_signal_thread_ex, u32, sig, uintptr_t sival)

However, siginfo_t is way larger and allows passing a whole lot of
info, and the latest user-space API pidfd_send_signal just directly
accepts siginfo_t (and rt_tgsigqueueinfo as well). But I am not sure
how to expose it according to bpf rules. Could we do something like
(pass whatever you want, it's your business)?

BPF_CALL_2(bpf_send_signal_thread_ex, u32, sig, char siginfo[sizeof(siginfo_t)])

Does it make sense? If yes, what would be the best way to expose this?

Thanks
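
[Added example, not part of the original message or of the kernel sources: a user-space C sketch of the siginfo_t payload discussed above, sent thread-directed with rt_tgsigqueueinfo and read back in an SA_SIGINFO handler. The names send_signal_with_value and on_signal, and the choice of SIGUSR1, are assumptions made for illustration.]

```c
#define _GNU_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Written by the handler; sig_atomic_t keeps the stores async-signal-safe. */
static volatile sig_atomic_t got_sig, got_code, got_val;

static void on_signal(int sig, siginfo_t *info, void *uctx)
{
    (void)uctx;
    got_sig = sig;
    got_code = info->si_code;
    got_val = info->si_value.sival_int; /* the extra "argument" */
}

/* Queue sig to the calling thread with a caller-built siginfo_t and return
 * the payload the handler observed, or -1 on failure. */
int send_signal_with_value(int sig, int value)
{
    struct sigaction sa;
    siginfo_t info;
    pid_t tid = (pid_t)syscall(SYS_gettid);

    memset(&sa, 0, sizeof(sa));
    sa.sa_sigaction = on_signal;
    sa.sa_flags = SA_SIGINFO; /* needed for the handler to get siginfo_t */
    if (sigaction(sig, &sa, NULL) != 0)
        return -1;

    memset(&info, 0, sizeof(info));
    info.si_signo = sig;
    info.si_code = SI_QUEUE; /* code used by user-space queueing calls */
    info.si_value.sival_int = value;
    got_sig = 0;
    /* (tgid, tid) targets one thread, as bpf_send_signal_thread does. */
    if (syscall(SYS_rt_tgsigqueueinfo, getpid(), tid, sig, &info) != 0)
        return -1;
    /* An unblocked signal sent to the calling thread is delivered before
     * the syscall returns to user space, so the handler has run by now. */
    if (got_sig != sig || got_code != SI_QUEUE)
        return -1;
    return got_val;
}

int main(void)
{
    return send_signal_with_value(SIGUSR1, 42) == 42 ? 0 : 1;
}
```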


* Re: extended bpf_send_signal_thread with argument
  2021-01-31 11:14 extended bpf_send_signal_thread with argument Dmitry Vyukov
@ 2021-02-01  9:22 ` Peter Zijlstra
  2021-02-01  9:42   ` Dmitry Vyukov
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Zijlstra @ 2021-02-01  9:22 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Steven Rostedt, Ingo Molnar, Alexei Starovoitov, Daniel Borkmann,
	andrii, Martin KaFai Lau, David Miller, kpsingh, John Fastabend,
	netdev, bpf, LKML

On Sun, Jan 31, 2021 at 12:14:02PM +0100, Dmitry Vyukov wrote:
> Hi,
> 
> I would like to send a signal from a bpf program invoked from a
> perf_event. There is:

You can't. Sending signals requires sighand lock, and you're not allowed
to take locks from perf_event context.


* Re: extended bpf_send_signal_thread with argument
  2021-02-01  9:22 ` Peter Zijlstra
@ 2021-02-01  9:42   ` Dmitry Vyukov
  2021-02-01 13:33     ` Peter Zijlstra
  0 siblings, 1 reply; 4+ messages in thread
From: Dmitry Vyukov @ 2021-02-01  9:42 UTC (permalink / raw)
  To: Peter Zijlstra
  Cc: Steven Rostedt, Ingo Molnar, Alexei Starovoitov, Daniel Borkmann,
	andrii, Martin KaFai Lau, David Miller, kpsingh, John Fastabend,
	netdev, bpf, LKML

On Mon, Feb 1, 2021 at 10:22 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Sun, Jan 31, 2021 at 12:14:02PM +0100, Dmitry Vyukov wrote:
> > Hi,
> >
> > I would like to send a signal from a bpf program invoked from a
> > perf_event. There is:
>
> You can't. Sending signals requires sighand lock, and you're not allowed
> to take locks from perf_event context.


Then we just found a vulnerability because there is
bpf_send_signal_thread which can be attached to perf and it passes the
verifier :)
https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1145

It can defer sending the signal to the exit of irq context:
https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1108
Perhaps this is what makes it work?


* Re: extended bpf_send_signal_thread with argument
  2021-02-01  9:42   ` Dmitry Vyukov
@ 2021-02-01 13:33     ` Peter Zijlstra
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Zijlstra @ 2021-02-01 13:33 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Steven Rostedt, Ingo Molnar, Alexei Starovoitov, Daniel Borkmann,
	andrii, Martin KaFai Lau, David Miller, kpsingh, John Fastabend,
	netdev, bpf, LKML

On Mon, Feb 01, 2021 at 10:42:47AM +0100, Dmitry Vyukov wrote:
> On Mon, Feb 1, 2021 at 10:22 AM Peter Zijlstra <peterz@infradead.org> wrote:
> >
> > On Sun, Jan 31, 2021 at 12:14:02PM +0100, Dmitry Vyukov wrote:
> > > Hi,
> > >
> > > I would like to send a signal from a bpf program invoked from a
> > > perf_event. There is:
> >
> > You can't. Sending signals requires sighand lock, and you're not allowed
> > to take locks from perf_event context.
> 
> 
> Then we just found a vulnerability because there is
> bpf_send_signal_thread which can be attached to perf and it passes the
> verifier :)
> https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1145
> 
> It can defer sending the signal to the exit of irq context:
> https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1108
> Perhaps this is what makes it work?

Yes.
