Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3685351pxb;
        Mon, 1 Feb 2021 01:46:51 -0800 (PST)
X-Google-Smtp-Source: ABdhPJx01pLVaRdURZq1NwlxhnRlAlPZGYZvu2whVrxVznEvvJ89idTtsMMBix6GMzspSQ+n3ehH
X-Received: by 2002:a50:cd8c:: with SMTP id p12mr5820005edi.114.1612172811062;
        Mon, 01 Feb 2021 01:46:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612172811; cv=none;
        d=google.com; s=arc-20160816;
        b=0u8VU95iYVUPOzqXNSF6D0bVPEM8biRd/He5fVwJuLm4G3cY3Gc4KBICVfX2Svs842
         rr/6uLXevotemRh513rpp/0Grlp7alasTci6m2cSAXMSuWrOEILpXOCmu0XVbOApo8HC
         dTbrjBmAA3hR+M60B5fHpTtZe+O/LFrj5BDVAG5CjI+jZBHYHvmY2iJyUlUCXowKJ0oi
         YMCzJy7BDMSlgwycSuwtrfsbqeeW9Va+1lxYLy6IWOOf/pNQrOlYawAHg9AJZeetYjVL
         7BO87QW73MLf8PHtC0G3Yxu0uXn/QwiWoocqxFmCxWrDdKure/TZxOaHuaRbhT48mnji
         zmFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=2sHxy9y8qkhEHifIfAe0m1ot0K1d3d52OFzD+qlpuBU=;
        b=BDIuv+VoB2HvZXBKoO6wZ2MhyZaZzvky2jM7cCkrVoD640updMvwZ6A2YeWD8AQ7sr
         CBmfovW6bX8hER0uLFnHAcWMaMQOblEZAu1tML1O5VIli4uZiC+ZAM00qcgwO67+0i4E
         dAIejdibP5udpdfwSxhf0nsP4gSdqGsreDMTXwixLP26hy3V5tnAGJPXdcOoAi2E/322
         9hdJBXXINxYnHVaBb8xEwvnOedMcgW1yaY6pQCtKh0SqumjNFiO+WsB7c8Bsen1+5nRC
         DGbiuFyzynEVhmL9qfe5G7Z3MoiOyAwwaeKtgP6vs5xje2M010UhGkITvhD9V9iI2L+m
         Fr3w==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=NeM9ON29;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id hr3si9986391ejc.380.2021.02.01.01.46.26;
        Mon, 01 Feb 2021 01:46:51 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=NeM9ON29;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232957AbhBAJnn (ORCPT <rfc822;lkml.akiyano@gmail.com>
        + 99 others); Mon, 1 Feb 2021 04:43:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51932 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232772AbhBAJnk (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 1 Feb 2021 04:43:40 -0500
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 19F6FC06174A
        for <linux-kernel@vger.kernel.org>; Mon,  1 Feb 2021 01:43:00 -0800 (PST)
Received: by mail-qt1-x831.google.com with SMTP id z9so11749077qtv.6
        for <linux-kernel@vger.kernel.org>; Mon, 01 Feb 2021 01:43:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=2sHxy9y8qkhEHifIfAe0m1ot0K1d3d52OFzD+qlpuBU=;
        b=NeM9ON292bcd64Kcp1z5gL6seKO2huIT0uTkbIjuDyCv8g/B7hwOeO2OAamF9B2PEc
         ZbN3rq15lpmLJV5JUh3CfnQHd9b+YxMq+YDouvd5MsK+lD7L2Ow3FVdaW+XRHlDYD6/H
         WZVypjR7q4M6jZJbuSPLfv9fUnKjSsyRt/TTmDaYdWR/7zYJd72RrYEMvq0o33pqO4K5
         lbJBbkeRyO6N0No28SuLusfI0yy55S87qcE434y+K2PqoQt/6gIeyePbUOOuP/aymnBk
         7oPVPDckhy2fDc1Q/7+/etMpeJc8jE+vtf1E7T6slmA1BWrTkBsk9g0LTJujxL+N2liU
         63PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=2sHxy9y8qkhEHifIfAe0m1ot0K1d3d52OFzD+qlpuBU=;
        b=mP1NAgCjhnTCX5r2oyw8wcOQ8khL36+2zDpMrcECG3szsbkFtFliRoUXis5u0NtA+Y
         BcdFSchkxmGP4oDuokacrNIJk05llfWQV+NKG4KGGc8r0VxBfkIXqktoU89y3cZo7hae
         uprG9UykjwJY+fNzFadFIlPf+efWGBKAQVEeD9AnnZm8UxyWdhUnMC3P/Nw2ApORxOsI
         GDcxHdha8rZWtLjWUDtN0w3AS6aIcUAEDuQtu2Ta+xgropTkobBjxJd9KISGf4WCQZSu
         J+bGbxAt6UShLrWLKRqq7MY9SIKUbfDUcF9z0y8fAcnLAGGyH2SLOY9ftxQ6POSYfWGu
         rNKg==
X-Gm-Message-State: AOAM532GHXNv8vR3n9bsGvr/0COpUxHTGZ5EpgIjluMURcv3zHkSsQXZ
        uNIS3gMXGJ6bqc2Sf91aUd5aVFEXYghwpJsgQVqp2g==
X-Received: by 2002:ac8:480b:: with SMTP id g11mr14124931qtq.290.1612172579083;
 Mon, 01 Feb 2021 01:42:59 -0800 (PST)
MIME-Version: 1.0
References: <CACT4Y+a7UBQpAY4vwT8Od0JhwbwcDrbJXZ_ULpPfJZ42Ew-yCQ@mail.gmail.com>
 <YBfIUwtK+QqVlfRt@hirez.programming.kicks-ass.net>
In-Reply-To: <YBfIUwtK+QqVlfRt@hirez.programming.kicks-ass.net>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Mon, 1 Feb 2021 10:42:47 +0100
Message-ID: <CACT4Y+Yq69nvj2KZUQrYqtyu+Low+jCCcH++U_vuiHkhezQHGw@mail.gmail.com>
Subject: Re: extended bpf_send_signal_thread with argument
To:     Peter Zijlstra <peterz@infradead.org>
Cc:     Steven Rostedt <rostedt@goodmis.org>,
        Ingo Molnar <mingo@redhat.com>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>, andrii@kernel.org,
        Martin KaFai Lau <kafai@fb.com>,
        David Miller <davem@davemloft.net>, kpsingh@kernel.org,
        John Fastabend <john.fastabend@gmail.com>,
        netdev <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 1, 2021 at 10:22 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Sun, Jan 31, 2021 at 12:14:02PM +0100, Dmitry Vyukov wrote:
> > Hi,
> >
> > I would like to send a signal from a bpf program invoked from a
> > perf_event. There is:
>
> You can't. Sending signals requires sighand lock, and you're not allowed
> to take locks from perf_event context.


Then we just found a vulnerability because there is
bpf_send_signal_thread which can be attached to perf and it passes the
verifier :)
https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1145

It can defer sending the signal to the exit of irq context:
https://elixir.bootlin.com/linux/v5.11-rc5/source/kernel/trace/bpf_trace.c#L1108
Perhaps this is what makes it work?