[PATCH bpf-next v3 0/4] Fix 32-bit arch and compat support for the kprobe_multi attach type

From: Eugene Syromiatnikov
Date: Tue May 17 2022 - 03:38:46 EST


As suggested in [1], the kprobe_multi interface is to be fixed for 32-bit
architectures and compat, rather than disabled. As it turned out,
there are a couple of additional problems that are to be addressed:
 - the absence of size overflow checks, leading to possible
   out-of-bounds writes (addressed by the first patch; this one likely has
   to be fixed in 5.18, where the version of the patch from [3]
   may be preferable, along with [4] to avoid applying the rest
   of the series);
 - the assumption that long has the same size as u64, which would make
   cookies arrays size calculation incorrect on 32-bit architectures
   (addressed by the second patch);
 - the addrs array passing API, that is incompatible with compat and has
   to be changed (addressed in the fourth patch): those are kernel
   addresses and not user ones (as was incorrectly stated in [2]);
   this change is only semantical for 64-bit user/kernelspace,
   so it shouldn't impact ABI there, at least.

[1] https://lore.kernel.org/lkml/CAADnVQ+2gwhcMht4PuDnDOFKY68Wsq8QFz4Y69NBX_TLaSexQQ@xxxxxxxxxxxxxx/
[2] https://lore.kernel.org/lkml/20220510184155.GA8295@xxxxxxxxxxxxxxxxx/
[3] https://lore.kernel.org/lkml/20220516230455.GA25103@xxxxxxxxxxxxxxxxx/
[4] https://lore.kernel.org/lkml/20220506142148.GA24802@xxxxxxxxxxxxxxxxx/

v3:
 - Rebased on top of bpf-next
 - Removed unnecessary size/cookies_size assignments as suggested
   by Yonghong Song

v2: https://lore.kernel.org/lkml/20220516230441.GA22091@xxxxxxxxxxxxxxxxx/
 - Fixed the issues reported by CI

v1: https://lore.kernel.org/lkml/20220516182657.GA28596@xxxxxxxxxxxxxxxxx/

Eugene Syromiatnikov (4):
  bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach
  bpf_trace: support 32-bit kernels in bpf_kprobe_multi_link_attach
  bpf_trace: handle compat in copy_user_syms
  bpf_trace: pass array of u64 values in kprobe_multi.addrs

 kernel/trace/bpf_trace.c | 67 ++++++++++++++++------
 tools/lib/bpf/bpf.h | 2 +-
 tools/lib/bpf/libbpf.c | 8 +--
 tools/lib/bpf/libbpf.h | 2 +-
 .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +-
 .../selftests/bpf/prog_tests/kprobe_multi_test.c | 8 +--
 6 files changed, 62 insertions(+), 27 deletions(-)

--
2.1.4
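
The first two problems listed in the cover letter, as an added user-space illustration that is not code from this series or from the kernel: a count-times-element-size computation that wraps on a 32-bit size type, and a u64 cookies array sized as if its elements were long. The names size32_t, MODEL_LONG_SIZE, COOKIE_SIZE and both helper functions are assumptions made for the example, and the 32-bit kernel is modelled with uint32_t so the result is the same on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: model a 32-bit kernel, where size_t and long are 4 bytes. */
typedef uint32_t size32_t;
#define MODEL_LONG_SIZE 4u                       /* sizeof(long) on the modelled arch */
#define COOKIE_SIZE ((size32_t)sizeof(uint64_t)) /* cookies are u64 on every arch */

/* Unchecked size computation: the product wraps modulo 2^32. */
static size32_t array_bytes_unchecked(uint32_t cnt, size32_t elem_size)
{
    return (size32_t)(cnt * elem_size);
}

/* Checked variant: reject any cnt whose byte size does not fit in size32_t. */
static bool array_bytes_checked(uint32_t cnt, size32_t elem_size, size32_t *out)
{
    if (elem_size != 0 && cnt > UINT32_MAX / elem_size)
        return false;
    *out = cnt * elem_size;
    return true;
}

int main(void)
{
    uint32_t huge = 0x20000001u; /* constructed count that overflows with 8-byte elements */
    size32_t bytes = 0;

    /* 0x20000001 * 8 = 0x100000008, truncated to 8: a tiny buffer for a huge count. */
    printf("unchecked: %u bytes for %u entries\n",
           (unsigned)array_bytes_unchecked(huge, COOKIE_SIZE), (unsigned)huge);
    printf("checked:   %s\n",
           array_bytes_checked(huge, COOKIE_SIZE, &bytes) ? "accepted" : "rejected");

    /* Sizing a u64 cookie array with sizeof(long) covers only half of it. */
    printf("3 cookies: %u bytes needed, %u if sized as long\n",
           (unsigned)array_bytes_unchecked(3, COOKIE_SIZE),
           (unsigned)array_bytes_unchecked(3, MODEL_LONG_SIZE));
    return 0;
}
```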