[PW_SID:971692] bpf: deny trampoline attachment if args can not be located exactly on stack #526
linux-riscv-bot wants to merge 8 commits into
x86 allows using up to 6 registers to pass arguments between function calls. This value is hardcoded in multiple places, use a define for this value.

Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
… uncertain

When the target function receives more arguments than available registers, the additional arguments are passed on stack, and so the generated trampoline needs to read those to prepare the bpf context, but also to prepare the target function stack when it is in charge of calling it. This works well for scalar types, but if the value is a struct, we can not know for sure the exact struct location, as it may have been packed or manually aligned to a greater value.

Prevent wrong readings by refusing trampoline attachment if the target function receives a struct on stack. While at it, move the max bpf args check in the new function.

Fixes: 473e315 ("bpf, x86: allow function arguments up to 12 for TRACING")
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
…is uncertain

When the target function receives more arguments than available registers, the additional arguments are passed on stack, and so the generated trampoline needs to read those to prepare the bpf context, but also to prepare the target function stack when it is in charge of calling it. This works well for scalar types, but if the value is a struct, we can not know for sure the exact struct location, as it may have been packed or manually aligned to a greater value.

Prevent wrong readings by refusing trampoline attachment if the target function receives a struct on stack. While at it, move the max bpf args check in the new function.

Fixes: 6801b0a ("riscv, bpf: Add 12-argument support for RV64 bpf trampoline")
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
…s uncertain

When the target function receives more arguments than available registers, the additional arguments are passed on stack, and so the generated trampoline needs to read those to prepare the bpf context, but also to prepare the target function stack when it is in charge of calling it. This works well for scalar types, but if the value is a struct, we can not know for sure the exact struct location, as it may have been packed or manually aligned to a greater value.

Prevent wrong readings by refusing trampoline attachment if the target function receives a struct on stack. While doing so, move the existing check (ensuring that the number of args passed on stack is not higher than MAX_NR_STACK_ARGS) into the newly created check function.

Fixes: 528eb2c ("s390/bpf: Implement arch_prepare_bpf_trampoline()")
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
powerpc allows using up to 8 registers to pass arguments between function calls. This value is hardcoded in multiple places, use a define for this value.

Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
…ack is uncertain

When the target function receives more arguments than available registers, the additional arguments are passed on stack, and so the generated trampoline needs to read those to prepare the bpf context, but also to prepare the target function stack when it is in charge of calling it. This works well for scalar types, but if the value is a struct, we can not know for sure the exact struct location, as it may have been packed or manually aligned to a greater value.

Prevent wrong readings by refusing trampoline attachment if the target function receives a struct on stack. While at it, move the max bpf args check in the new function.

Fixes: d243b62 ("powerpc64/bpf: Add support for bpf trampolines")
Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
… be hooked

When attaching ebpf programs to functions through fentry/fexit, the generated trampolines can not really make sure about the arguments exact location on the stack if those are structures: those structures can be altered with attributes such as packed or aligned(x), but this information is not encoded in BTF.

Update tracing_struct_many_args test to check that programs can not be attached on those specific functions. Not all architectures can use the same number of registers to pass arguments, so define a testing function that makes all currently supported architectures start passing arguments on stack (-> more than 8 args)

Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Signed-off-by: Linux RISC-V bot <linux.riscv.bot@gmail.com>
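The placement problem these commit messages describe, as an added example that is not part of the patch series: a simplified model comparing where a stack-passed struct starts when only its size is known versus when its alignment attribute is honoured. It assumes a 64-bit target with 8-byte stack slots and each argument aligned to the larger of the slot size and its own alignment, covers only the over-alignment case, and all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample types: identical members, different attributes. */
struct plain  { unsigned long long a; int b; };
struct packed { unsigned long long a; int b; } __attribute__((packed));
struct over   { unsigned long long a; int b; } __attribute__((aligned(16)));

struct arg { size_t size, align; };   /* one stack-passed argument */
#define SLOT 8                        /* assumed stack slot size (64-bit target) */

static size_t round_up(size_t v, size_t a) { return (v + a - 1) / a * a; }

/* Start of argument idx when only sizes are known: slots laid back to back. */
size_t offset_size_only(const struct arg *args, size_t idx)
{
    size_t off = 0;
    for (size_t i = 0; i < idx; i++)
        off += round_up(args[i].size, SLOT);
    return off;
}

/* Start of argument idx when each one is first aligned to max(SLOT, align). */
size_t offset_with_align(const struct arg *args, size_t idx)
{
    size_t off = 0;
    for (size_t i = 0; ; i++) {
        size_t a = args[i].align > SLOT ? args[i].align : SLOT;
        off = round_up(off, a);
        if (i == idx)
            return off;
        off += round_up(args[i].size, SLOT);
    }
}

/* Modelled stack area: one 8-byte scalar, then a struct of this size/alignment. */
int struct_location_is_certain(size_t size, size_t align)
{
    struct arg args[] = { { 8, 8 }, { size, align } };
    return offset_size_only(args, 1) == offset_with_align(args, 1);
}

#define SHOW(T) printf("%-6s size=%2zu align=%2zu certain=%d\n", #T, sizeof(struct T), \
        _Alignof(struct T), struct_location_is_certain(sizeof(struct T), _Alignof(struct T)))
int main(void)
{
    SHOW(plain); SHOW(packed); SHOW(over);
    return 0;
}
```

In this model the `aligned(16)` struct starts 8 bytes later than a size-only layout predicts, and every argument after it shifts as well.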
Patch 1: "[bpf,1/7] bpf/x86: use define for max regs count used for arguments"
Patch 2: "[bpf,2/7] bpf/x86: prevent trampoline attachment when args location on stack is uncertain"
Patch 5: "[bpf,5/7] bpf/powerpc64: use define for max regs count used for arguments"
Patch 6: "[bpf,6/7] bpf/powerpc64: prevent trampoline attachment when args location on stack is uncertain"
Patch 7: "[bpf,7/7] selftests/bpf: ensure that functions passing structs on stack can not be hooked"
8023d1f to 6ce2eef
PR for series 971692 applied to workflow__riscv__fixes
Name: bpf: deny trampoline attachment if args can not be located exactly on stack
URL: https://patchwork.kernel.org/project/linux-riscv/list/?series=971692
Version: 1