From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
	haoluo@google.com, jolsa@kernel.org, mykolal@fb.com,
	shuah@kernel.org, davem@davemloft.net, edumazet@google.com,
	kuba@kernel.org, pabeni@redhat.com, jakub@cloudflare.com
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org,
	linux-kselftest@vger.kernel.org, cgroups@vger.kernel.org,
	linux-kernel@vger.kernel.org, houtao1@huawei.com,
	Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH 0/7] bpf: Add fd modes check for map iter and extend libbpf
Date: Tue,  6 Sep 2022 19:02:54 +0200
Message-ID: <20220906170301.256206-1-roberto.sassu@huaweicloud.com>

From: Roberto Sassu <roberto.sassu@huawei.com>

Add a missing fd modes check in map iterators, potentially causing
unauthorized map writes by eBPF programs attached to the iterator. Use this
patch set as an opportunity to start a discussion with the cgroup
developers about whether a security check is missing or not for their
iterator.

Also, extend libbpf with the _opts variant of bpf_*_get_fd_by_id(). Only
bpf_map_get_fd_by_id_opts() is really useful in this patch set, to ensure
that the creation of a map iterator fails with a read-only fd.

Add all variants in this patch set for symmetry with
bpf_map_get_fd_by_id_opts(), and because all the variants share the same
opts structure. Also, add all the variants here, to shrink the patch set
fixing map permissions requested by bpftool, so that the remaining patches
are only about the latter.

Finally, extend the bpf_iter test with the read-only fd check, and test
each _opts variant of bpf_*_get_fd_by_id().

Roberto Sassu (7):
  bpf: Add missing fd modes check for map iterators
  libbpf: Define bpf_get_fd_opts and introduce
    bpf_map_get_fd_by_id_opts()
  libbpf: Introduce bpf_prog_get_fd_by_id_opts()
  libbpf: Introduce bpf_btf_get_fd_by_id_opts()
  libbpf: Introduce bpf_link_get_fd_by_id_opts()
  selftests/bpf: Ensure fd modes are checked for map iters and destroy
    links
  selftests/bpf: Add tests for _opts variants of libbpf

 include/linux/bpf.h                           |   2 +-
 kernel/bpf/inode.c                            |   2 +-
 kernel/bpf/map_iter.c                         |   3 +-
 kernel/bpf/syscall.c                          |   8 +-
 net/core/bpf_sk_storage.c                     |   3 +-
 net/core/sock_map.c                           |   3 +-
 tools/lib/bpf/bpf.c                           |  47 +++++-
 tools/lib/bpf/bpf.h                           |  16 ++
 tools/lib/bpf/libbpf.map                      |  10 +-
 tools/lib/bpf/libbpf_version.h                |   2 +-
 .../selftests/bpf/prog_tests/bpf_iter.c       |  34 +++-
 .../bpf/prog_tests/libbpf_get_fd_opts.c       | 145 ++++++++++++++++++
 .../bpf/progs/test_libbpf_get_fd_opts.c       |  49 ++++++
 13 files changed, 309 insertions(+), 15 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c

-- 
2.25.1
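
The cover letter relies on a read-only map fd refusing writes. The following check is an added example, not part of the patch set or of libbpf, and confirms that baseline on a running kernel. It uses the raw bpf(2) syscall with BPF_F_RDONLY rather than the _opts helper the series introduces, and does not exercise the iterator path. The function name rdonly_fd_blocks_write() is hypothetical, and the check assumes a caller privileged enough for BPF_MAP_GET_FD_BY_ID.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/bpf.h>

static int sys_bpf(int cmd, union bpf_attr *attr)
{
	return (int)syscall(__NR_bpf, cmd, attr, sizeof(*attr));
}

/* Hypothetical helper: 0 = write refused, 1 = could not run, -1 = write accepted. */
int rdonly_fd_blocks_write(void)
{
	union bpf_attr attr;
	struct bpf_map_info info;
	__u32 key = 0, val = 1;
	int rw_fd, ro_fd, ret = 1;

	memset(&attr, 0, sizeof(attr));	/* constructed one-slot array map */
	attr.map_type = BPF_MAP_TYPE_ARRAY;
	attr.key_size = sizeof(key);
	attr.value_size = sizeof(val);
	attr.max_entries = 1;
	rw_fd = sys_bpf(BPF_MAP_CREATE, &attr);
	if (rw_fd < 0)
		return 1;		/* bpf() unavailable or not permitted */
	memset(&info, 0, sizeof(info));
	memset(&attr, 0, sizeof(attr));	/* learn the map id from the rw fd */
	attr.info.bpf_fd = rw_fd;
	attr.info.info_len = sizeof(info);
	attr.info.info = (__u64)(unsigned long)&info;
	if (sys_bpf(BPF_OBJ_GET_INFO_BY_FD, &attr) < 0)
		goto out;
	memset(&attr, 0, sizeof(attr));	/* reopen the same map by id, read-only */
	attr.map_id = info.id;
	attr.open_flags = BPF_F_RDONLY;
	ro_fd = sys_bpf(BPF_MAP_GET_FD_BY_ID, &attr);
	if (ro_fd < 0)
		goto out;		/* typically missing CAP_SYS_ADMIN */
	memset(&attr, 0, sizeof(attr));	/* attempt a write through the ro fd */
	attr.map_fd = ro_fd;
	attr.key = (__u64)(unsigned long)&key;
	attr.value = (__u64)(unsigned long)&val;
	ret = (sys_bpf(BPF_MAP_UPDATE_ELEM, &attr) < 0 && errno == EPERM) ? 0 : -1;
	close(ro_fd);
out:
	close(rw_fd);
	return ret;
}
```

A return of 1 means the check was skipped, not that it passed.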

