From patchwork Fri Nov 23 18:34:55 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Hutchings X-Patchwork-Id: 1002506 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=codethink.co.uk Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 431lNW0lNNz9s3q for ; Sat, 24 Nov 2018 05:35:07 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2395356AbeKXFUZ (ORCPT ); Sat, 24 Nov 2018 00:20:25 -0500 Received: from imap1.codethink.co.uk ([176.9.8.82]:60741 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730102AbeKXFUZ (ORCPT ); Sat, 24 Nov 2018 00:20:25 -0500 Received: from cpc118554-reig6-2-0-cust775.6-3.cable.virginm.net ([86.18.95.8] helo=xylophone.i.decadent.org.uk) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1gQGI5-0001K6-0V; Fri, 23 Nov 2018 18:34:57 +0000 Date: Fri, 23 Nov 2018 18:34:55 +0000 From: Ben Hutchings To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/3] bpf/verifier: Log instruction patching when verbose logging is enabled Message-ID: <20181123183455.qjokyt6zpa2yck6s@xylophone.i.decadent.org.uk> References: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> User-Agent: NeoMutt/20170113 (1.7.2) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org User-space does not have access to the patched eBPF code, but we need to be able to test that patches are being applied. Therefore log distinct messages for each case that requires patching. Signed-off-by: Ben Hutchings --- kernel/bpf/verifier.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 4ce049cd30a3..ea4bc796e545 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5844,6 +5844,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) verbose(env, "bpf verifier is misconfigured\n"); return -EINVAL; } else if (cnt) { + verbose(env, "patching in prologue\n"); new_prog = bpf_patch_insn_data(env, 0, insn_buf, cnt); if (!new_prog) return -ENOMEM; @@ -5892,6 +5893,9 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) }; cnt = ARRAY_SIZE(patch); + verbose(env, + "patching in sanitization against SSB at %d\n", + i + delta); new_prog = bpf_patch_insn_data(env, i + delta, patch, cnt); if (!new_prog) return -ENOMEM; @@ -5973,6 +5977,7 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) } } + verbose(env, "patching explicit ctx access at %d\n", i + delta); new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; @@ -6225,6 +6230,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) cnt = ARRAY_SIZE(mask_and_mod) - (is64 ? 1 : 0); } + verbose(env, "patching in divide-by-zero check at %d\n", + i + delta); new_prog = bpf_patch_insn_data(env, i + delta, patchlet, cnt); if (!new_prog) return -ENOMEM; @@ -6244,6 +6251,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) return -EINVAL; } + verbose(env, "patching implicit ctx access at %d\n", + i + delta); new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; @@ -6307,6 +6316,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) map)->index_mask); insn_buf[2] = *insn; cnt = 3; + verbose(env, "patching in tail-call bounds check at %d", + i + delta); new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) return -ENOMEM; @@ -6342,6 +6353,8 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env) return -EINVAL; } + verbose(env, "patching in map lookup at %d", + i + delta); new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); if (!new_prog) From patchwork Fri Nov 23 18:35:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Hutchings X-Patchwork-Id: 1002507 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=codethink.co.uk Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 431lNh5b7Nz9s0t for ; Sat, 24 Nov 2018 05:35:16 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2395396AbeKXFUd (ORCPT ); Sat, 24 Nov 2018 00:20:33 -0500 Received: from imap1.codethink.co.uk ([176.9.8.82]:60761 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728267AbeKXFUc (ORCPT ); Sat, 24 Nov 2018 00:20:32 -0500 Received: from cpc118554-reig6-2-0-cust775.6-3.cable.virginm.net ([86.18.95.8] helo=xylophone.i.decadent.org.uk) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1gQGIC-0001Ki-Pf; Fri, 23 Nov 2018 18:35:04 +0000 Date: Fri, 23 Nov 2018 18:35:03 +0000 From: Ben Hutchings To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/3] selftests/bpf: Add the ability to test for a log message on success Message-ID: <20181123183503.v3gl42innv4zbilw@xylophone.i.decadent.org.uk> References: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> User-Agent: NeoMutt/20170113 (1.7.2) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This is needed to test that code is being patched when it should be. Signed-off-by: Ben Hutchings --- tools/testing/selftests/bpf/test_verifier.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 0f3f97a401c9..e71b7f2e5f17 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -76,6 +76,8 @@ struct bpf_test { int fixup_percpu_cgroup_storage[MAX_FIXUPS]; const char *errstr; const char *errstr_unpriv; + const char *infostr; + const char *infostr_unpriv; uint32_t retval, retval_unpriv; enum { UNDEF, @@ -14232,7 +14234,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv, int prog_len, prog_type = test->prog_type; struct bpf_insn *prog = test->insns; int map_fds[MAX_NR_MAPS]; - const char *expected_err; + const char *expected_err, *expected_info; uint32_t expected_val; uint32_t retval; int i, err; @@ -14253,6 +14255,8 @@ static void do_test_single(struct bpf_test *test, bool unpriv, test->result_unpriv : test->result; expected_err = unpriv && test->errstr_unpriv ? test->errstr_unpriv : test->errstr; + expected_info = unpriv && test->infostr_unpriv ? + test->infostr_unpriv : test->infostr; expected_val = unpriv && test->retval_unpriv ? test->retval_unpriv : test->retval; @@ -14272,6 +14276,11 @@ static void do_test_single(struct bpf_test *test, bool unpriv, strerror(errno)); goto fail_log; } + if (expected_info && !strstr(bpf_vlog, expected_info)) { + printf("FAIL\nMissing expected info message!\n\tEXP: %s\n\tRES: %s\n", + expected_info, bpf_vlog); + goto fail_log; + } } else { if (fd_prog >= 0) { printf("FAIL\nUnexpected success to load!\n"); From patchwork Fri Nov 23 18:35:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Hutchings X-Patchwork-Id: 1002508 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=codethink.co.uk Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 431lNq5FLyz9s0t for ; Sat, 24 Nov 2018 05:35:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2437168AbeKXFUl (ORCPT ); Sat, 24 Nov 2018 00:20:41 -0500 Received: from imap1.codethink.co.uk ([176.9.8.82]:60779 "EHLO imap1.codethink.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2395385AbeKXFUk (ORCPT ); Sat, 24 Nov 2018 00:20:40 -0500 Received: from cpc118554-reig6-2-0-cust775.6-3.cable.virginm.net ([86.18.95.8] helo=xylophone.i.decadent.org.uk) by imap1.codethink.co.uk with esmtpsa (Exim 4.84_2 #1 (Debian)) id 1gQGIK-0001LL-HD; Fri, 23 Nov 2018 18:35:12 +0000 Date: Fri, 23 Nov 2018 18:35:10 +0000 From: Ben Hutchings To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/3] selftests/bpf: Add test case for defence against SSB exploitation Message-ID: <20181123183510.irdednmxibfal5mu@xylophone.i.decadent.org.uk> References: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20181123183356.5q4bu47zpj5wdufb@xylophone.i.decadent.org.uk> User-Agent: NeoMutt/20170113 (1.7.2) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Test that the defence added by commit af86ca4e3088 "bpf: Prevent memory disambiguation attack" is actually being applied. Signed-off-by: Ben Hutchings --- tools/testing/selftests/bpf/test_verifier.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index e71b7f2e5f17..ca21a63541b0 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -13927,6 +13927,21 @@ static struct bpf_test tests[] = { .result = ACCEPT, }, { + "reference tracking: defend against SSB exploitation", + .insns = { + BPF_MOV32_IMM(BPF_REG_2, 1), + /* stack[-1] = (integer) 1 */ + BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), + /* stack[-1] = (pointer) context */ + BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), + BPF_MOV32_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .infostr_unpriv = "patching in sanitization against SSB at 2", + .result_unpriv = ACCEPT, + .result = ACCEPT, + }, + { "calls: ctx read at start of subprog", .insns = { BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),