Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp824616pxb; Fri, 15 Apr 2022 12:20:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqJylXcTd2ReceeqVzXz1VfkOgceBi0BIw1PbdZSWnlBZqn0PyGeDR3OfywIp9E2yKhagr X-Received: by 2002:a17:90b:3882:b0:1cd:41c1:712a with SMTP id mu2-20020a17090b388200b001cd41c1712amr5724536pjb.72.1650050434856; Fri, 15 Apr 2022 12:20:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650050434; cv=none; d=google.com; s=arc-20160816; b=k29oNoMPj0yz+IYxoAR9kz+5Jo6LNu24kLrm5pfJseoWnm+x5cWSwKAi/Wvd+ZylyK uWjyZILXVfk1VgTayibZiXZLnW9JCOuFM9BOFzcWSS+9tE718DGJV2i9wuFusNZrFkLG dSk5kQhx7f92piyFjVVhdwVH0CUjLTYOVqMo3o2RehQjzjlJPcIOXvriHSyCeR4ouF2l /IraNesY+K2Wqk8jmAA1ndtJGxKFY5cc/FS5AQe3VKfhgQUjQYi+qbPgTIn5fG2XSBjQ uAraQeT1TyTdbHzD2KRRyXnWfkQO16oeXGsA7A4xetRGzYrZzdbVC2U1SFWwsxux1Sfp /6sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=8Tiu9GfgkD+GsqRA+j44Yw5I46wY8QuomfzRtQUPRFo=; b=USnJkG0sp0pxGCOxNsvkLGUnFUTGP0/4T6x1QKIMWJVqQCiy0a4MJXbkiMfZX/pDhS KUAAGxdS1EWl+qpPfv1FSre47HedBU3DAfKxsjW8UYuBlL7wD+I1Zaqv0tmlv5AdRH5S XNcnrS2X993u71I0Y1HAn+JxvlAh+ll1hgbKZ1rFJK+ZeI+W+96LxjDX5igcgAorvz9q VZwVH6KzfNEYR3sKdzN3U0ZGtATYsmS97ZtW32/e5sWbaUjdCQmArQ2kV8Mk1AL9EMRE uAYYhgddroFijyjrwuJRq/b/5IH1RiFOSk5E/lMAHjXdziKW+6UUOWyVeYJREyiVa1PN VUdg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=D5ENLHyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y71-20020a638a4a000000b003816043f0f9si2106415pgd.750.2022.04.15.12.19.55; Fri, 15 Apr 2022 12:20:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=D5ENLHyI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238460AbiDMTwv (ORCPT + 99 others); Wed, 13 Apr 2022 15:52:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238464AbiDMTwc (ORCPT ); Wed, 13 Apr 2022 15:52:32 -0400 Received: from mail-il1-x12d.google.com (mail-il1-x12d.google.com [IPv6:2607:f8b0:4864:20::12d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 236852C116; Wed, 13 Apr 2022 12:50:10 -0700 (PDT) Received: by mail-il1-x12d.google.com with SMTP id d3so1787299ilr.10; Wed, 13 Apr 2022 12:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=8Tiu9GfgkD+GsqRA+j44Yw5I46wY8QuomfzRtQUPRFo=; b=D5ENLHyIiXmfehIAfPvIzNbsh7FgNaxwTQ8E5JHc+qCJQekBE3jWYJG/5UGakpQYpt l9INOvekj/V4cZP6yRjHoUBs3DazVWY2KhnQ5QK9f7Ln/qUuxJE1IZ0faSXl1Di2Lbfe IhcYpML5tcE/4cXu4Mvsn3IOZqWVwZ+txDAjk+zFoMFHirVpo4Ld6ATJIi5aL4zXcAOv TO3YWwYuJRta8cc9uu9glKHyedWzM5Ch1XKyMWqhpI/tZ/19yfvZuivrC97s6rVAweaZ ewfdrUO9ndm9uFTZgmOn//KwW8sXPabDK21x0VGc8VjzfUnr9sNW2ElT5ijo7QjYwIpR Y94w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=8Tiu9GfgkD+GsqRA+j44Yw5I46wY8QuomfzRtQUPRFo=; b=jYSBtq2x6KY9AVp1ATy8sEM7bmX9/aiYEyTJl4aYmf8Di8JIYukDNqXWHkV/6t8oud D7BNCE95Tgx1fqakYBqaceHdShkXn77O+zKHrazvivfxCz24eRD2H1vHpRrAIszRAILY SXj68yKX3Uwu4m9ymm5JAvnPHnjAMxD0cQmF1py+yIsmydOgV1O5hSzekhFTW1HJw8wC IaKcQ8kS3nyd7OkkDOTxyR0DyXSYFyFooR6JRTRYKvausM6JzwcPa1DP0RDkhMjluAU/ sPQGiio4Wk1l4KuzNxkLDZOymVN7uOgIoS2hdF/w2pK/PtCwEXkTGNOS7A4SGwpPFIom q3xA== X-Gm-Message-State: AOAM531FbP645W9eZRyKETAkPHWQNSwDbcgknIlYON78fImJ1jjuWkoD euV+0abokWwuqBYWSx/tkth72wxHRhGscXjCB5c= X-Received: by 2002:a05:6e02:18c5:b0:2cb:cdca:bed4 with SMTP id s5-20020a056e0218c500b002cbcdcabed4mr2847853ilu.239.1649879409551; Wed, 13 Apr 2022 12:50:09 -0700 (PDT) MIME-Version: 1.0 References: <20220405170356.43128-1-tadeusz.struk@linaro.org> In-Reply-To: From: Andrii Nakryiko Date: Wed, 13 Apr 2022 12:49:58 -0700 Message-ID: Subject: Re: [PATCH] bpf: Fix KASAN use-after-free Read in compute_effective_progs To: Tadeusz Struk Cc: bpf , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Networking , linux- stable , open list , syzbot+f264bffdfbd5614f3bb2@syzkaller.appspotmail.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 13, 2022 at 12:27 PM Tadeusz Struk wrote: > > On 4/13/22 12:07, Andrii Nakryiko wrote: > >> it would be ideal if detach would never fail, but it would require some kind of > >> prealloc, on attach maybe? Another option would be to minimize the probability > > We allocate new arrays in update_effective_progs() under assumption > > that we might need to grow the array because we use > > update_effective_progs() for attachment. But for detachment we know > > that we definitely don't need to increase the size, we need to remove > > existing element only, thus shrinking the size. > > > > Normally we'd reallocate the array to shrink it (and that's why we use > > update_effective_progs() and allocate memory), but we can also have a > > fallback path for detachment only to reuse existing effective arrays > > and just shift all the elements to the right from the element that's > > being removed. We'll leave NULL at the end, but that's much better > > than error out. Subsequent attachment or detachment will attempt to > > properly size and reallocate everything. > > > > So I think that should be the fix, if you'd be willing to work on it. > > That makes it much easier then. I will change it so that there is no > alloc needed on the detach path. Thanks for the clarification. Keep in mind that we probably want to do normal alloc-based detach first anyways, if it works. It will keep effective arrays minimally sized. This additional detach specific logic should be a fall back path if the normal way doesn't work. > > -- > Thanks, > Tadeusz