linux/kernel/trace
Daniel Borkmann bc23105ca0 bpf: fix context access in tracing progs on 32 bit archs
Wang reported that all the testcases for BPF_PROG_TYPE_PERF_EVENT
program type in test_verifier report the following errors on x86_32:

  172/p unpriv: spill/fill of different pointers ldx FAIL
  Unexpected error message!
  0: (bf) r6 = r10
  1: (07) r6 += -8
  2: (15) if r1 == 0x0 goto pc+3
  R1=ctx(id=0,off=0,imm=0) R6=fp-8,call_-1 R10=fp0,call_-1
  3: (bf) r2 = r10
  4: (07) r2 += -76
  5: (7b) *(u64 *)(r6 +0) = r2
  6: (55) if r1 != 0x0 goto pc+1
  R1=ctx(id=0,off=0,imm=0) R2=fp-76,call_-1 R6=fp-8,call_-1 R10=fp0,call_-1 fp-8=fp
  7: (7b) *(u64 *)(r6 +0) = r1
  8: (79) r1 = *(u64 *)(r6 +0)
  9: (79) r1 = *(u64 *)(r1 +68)
  invalid bpf_context access off=68 size=8

  378/p check bpf_perf_event_data->sample_period byte load permitted FAIL
  Failed to load prog 'Permission denied'!
  0: (b7) r0 = 0
  1: (71) r0 = *(u8 *)(r1 +68)
  invalid bpf_context access off=68 size=1

  379/p check bpf_perf_event_data->sample_period half load permitted FAIL
  Failed to load prog 'Permission denied'!
  0: (b7) r0 = 0
  1: (69) r0 = *(u16 *)(r1 +68)
  invalid bpf_context access off=68 size=2

  380/p check bpf_perf_event_data->sample_period word load permitted FAIL
  Failed to load prog 'Permission denied'!
  0: (b7) r0 = 0
  1: (61) r0 = *(u32 *)(r1 +68)
  invalid bpf_context access off=68 size=4

  381/p check bpf_perf_event_data->sample_period dword load permitted FAIL
  Failed to load prog 'Permission denied'!
  0: (b7) r0 = 0
  1: (79) r0 = *(u64 *)(r1 +68)
  invalid bpf_context access off=68 size=8

Reason is that struct pt_regs on x86_32 doesn't fully align to 8 byte
boundary due to its size of 68 bytes. Therefore, bpf_ctx_narrow_access_ok()
will then bail out saying that off & (size_default - 1) which is 68 & 7
doesn't cleanly align in the case of sample_period access from struct
bpf_perf_event_data, hence verifier wrongly thinks we might be doing an
unaligned access here though underlying arch can handle it just fine.
Therefore adjust this down to machine size and check and rewrite the
offset for narrow access on that basis. We also need to fix corresponding
pe_prog_is_valid_access(), since we hit the check for off % size != 0
(e.g. 68 % 8 -> 4) in the first and last test. With that in place, progs
for tracing work on x86_32.

Reported-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Tested-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-06-03 07:46:56 -07:00
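
The alignment check described in the commit message above, as an added user-space model that is not part of the commit or the kernel source. All function names are hypothetical, the machine word size is passed as a parameter so a 64-bit host can model x86_32, and the size conditions in narrow_ok() are an assumption about the helper's other checks; the separate off % size check in pe_prog_is_valid_access() is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only, not kernel code; every name here is hypothetical. */

/* Check as the commit message states it: off & (size_default - 1). */
static bool align_ok_before(uint32_t off, uint32_t size_default)
{
	return (off & (size_default - 1)) == 0;
}

/* Clamp a size down to the machine word when it is a larger multiple of it. */
static uint32_t adjust_to_machine(uint32_t size, uint32_t word)
{
	return (size > word && size % word == 0) ? word : size;
}

/* Same check once size_default has been adjusted down to machine size. */
static bool align_ok_after(uint32_t off, uint32_t size_default, uint32_t word)
{
	size_default = adjust_to_machine(size_default, word);
	return (off & (size_default - 1)) == 0;
}

/* Assumed remaining conditions: access no wider than the field, power of two. */
static bool narrow_ok(uint32_t off, uint32_t size, uint32_t size_default,
		      uint32_t word, bool fixed)
{
	bool aligned = fixed ? align_ok_after(off, size_default, word)
			     : align_ok_before(off, size_default);
	return aligned && size <= size_default && (size & (size - 1)) == 0;
}

int main(void)
{
	/* Constructed input: a u64 field at offset 68, as on x86_32. */
	const uint32_t off = 68, field = 8;
	const uint32_t sizes[] = { 1, 2, 4, 8 };

	for (unsigned int i = 0; i < 4; i++)
		printf("off=%u size=%u before=%d after(word=4)=%d\n", off, sizes[i],
		       narrow_ok(off, sizes[i], field, 4, false),
		       narrow_ok(off, sizes[i], field, 4, true));
	return 0;
}
```

With a 4-byte word the offset 68 passes because 68 & 3 is 0, while an offset such as 70 is still rejected, so the adjustment relaxes the check only as far as the machine word.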
blktrace.c blktrace: fix trace mutex deadlock 2017-11-27 12:03:58 -07:00
bpf_trace.c bpf: fix context access in tracing progs on 32 bit archs 2018-06-03 07:46:56 -07:00
ftrace.c ftrace: Have set_graph_* files have normal file modes 2018-05-03 11:55:31 -04:00
Kconfig tracing: Add inter-event blurb to HIST_TRIGGERS config option 2018-03-10 16:06:05 -05:00
Makefile Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
power-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ring_buffer_benchmark.c ring-buffer: Have ring_buffer_alloc_read_page() return error on offline CPU 2017-08-02 14:23:02 -04:00
ring_buffer.c ring-buffer: Add set/clear_current_oom_origin() during allocations 2018-04-06 08:56:52 -04:00
rpm-traces.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_benchmark.c trace: Eliminate cond_resched_rcu_qs() in favor of cond_resched() 2017-12-04 10:28:58 -08:00
trace_benchmark.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_branch.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_clock.c tracing: Hide global trace clock from lockdep 2018-04-06 08:56:52 -04:00
trace_entries.h tracing: Fix missing tab for hwlat_detector print format 2018-04-25 10:28:46 -04:00
trace_event_perf.c perf/core: Fix perf_uprobe_init() 2018-04-10 07:33:10 +02:00
trace_events_filter_test.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_events_filter.c tracing: Fix regex_match_front() to not over compare the test string 2018-05-11 10:56:42 -04:00
trace_events_hist.c tracing: Add field modifier parsing hist error for hist triggers 2018-04-26 21:39:58 -04:00
trace_events_trigger.c tracing: Add variable reference handling to hist triggers 2018-03-10 16:05:58 -05:00
trace_events.c tracing: Make sure the parsed string always terminates with '\0' 2018-01-23 15:57:28 -05:00
trace_export.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_functions_graph.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_functions.c tracing: Update stack trace skipping for ORC unwinder 2018-01-23 15:57:00 -05:00
trace_hwlat.c trace: make trace_hwlat timestamp y2038 safe 2017-05-08 17:15:15 -07:00
trace_irqsoff.c tracing: Add support for preempt and irq enable/disable events 2017-10-10 18:58:43 -04:00
trace_kdb.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_kprobe.c bpf: introduce bpf subcommand BPF_TASK_FD_QUERY 2018-05-24 18:18:19 -07:00
trace_mmiotrace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_nop.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_output.c sched/debug: Rename task-state printing helpers 2017-10-10 11:43:29 +02:00
trace_output.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_printk.c treewide: Align function definition open/close braces 2018-03-26 11:13:09 +02:00
trace_probe.c tracing: probeevent: Fix to support minus offset from symbol 2018-03-23 12:02:37 -04:00
trace_probe.h Merge branch 'perf/urgent' into perf/core 2018-03-29 16:03:48 +02:00
trace_sched_switch.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_sched_wakeup.c Merge branch 'linus' into sched/core, to pick up fixes 2017-11-08 10:17:15 +01:00
trace_selftest_dynamic.c ftrace: Mark function tracer test functions noinline/noclone 2018-01-23 15:57:29 -05:00
trace_selftest.c Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
trace_seq.c
trace_stack.c tracing: Fix the file mode of stack tracer 2018-05-03 11:58:05 -04:00
trace_stat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_stat.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
trace_syscalls.c Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
trace_uprobe.c bpf: introduce bpf subcommand BPF_TASK_FD_QUERY 2018-05-24 18:18:19 -07:00
trace.c Revert: Unify CLOCK_MONOTONIC and CLOCK_BOOTTIME 2018-04-26 14:53:32 +02:00
trace.h tracing: Rewrite filter logic to be simpler and faster 2018-03-14 12:35:39 -04:00
tracing_map.c tracing: Add per-element variable support to tracing_map 2018-03-10 16:05:53 -05:00
tracing_map.h tracing: Add per-element variable support to tracing_map 2018-03-10 16:05:53 -05:00